MSN virus, invisible to MsnFix ...
woeck
Hello,
I have a fairly discreet MSN virus, not much impact on the PC, apart from maybe a slowdown in performance. But my contacts regularly receive a website as a message, and apparently not always the same one.
I am careful with MSN though and never open random sites, but well, I must have made a mistake.
MSN stays permanently on screen if I open another application, or even a chat window with a contact. I have to use the application blind: it is "selected" in the taskbar, but the main MSN window covers it, so I have to minimize MSN and then I can see the other application.
I ran HijackThis, but I don't know how to decipher it.
Could someone help me?
MsnFix finds no infection, nor does Spybot.
Here is the HijackThis result:
Logfile of HijackThis v1.99.1
Scan saved at 15:47:46, on 09/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Woeck\Bureau\HijackThis.exe
C:\WINDOWS\system32\ctfmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Thanks in advance!
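As an added example (my own code, not from the thread or from HijackThis), a small Python triage pass over a log in this format: it picks out the Rx/Ox entries and flags what a helper scans for first, orphaned BHOs, missing target files, an unlisted Winsock LSP and any autorun launched from a Temp folder. The sample lines are constructed from entries quoted above plus one invented Temp-folder autorun; the rule list and severities are my assumptions.

```python
import re

# Constructed sample in the HijackThis v1.99 log format, modelled on entries
# quoted in the thread above. It is not the poster's complete log; the O4
# Temp-folder autorun is an invented entry added to exercise that rule.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [sample] C:\DOCUME~1\user\LOCALS~1\Temp\sample.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Every HijackThis entry starts with a section code (R0, O2, O23, ...) followed
# by " - ". Lines that do not match (header, running processes) are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Triage rules, my own list rather than anything HijackThis ships: (section,
# regex over the entry body, severity, what the finding means to a helper).
RULES = [
    ("O2", r"\(no file\)", "low",
     "orphaned BHO: the CLSID points at no file, harmless but should be cleaned"),
    ("O2", r"\(no name\)", "low",
     "BHO without a display name: check its CLSID before keeping it"),
    ("O4", r"\\temp\\|\\LOCALS~1\\", "high",
     "autorun launching from a Temp folder, a common home for IM-spreading malware"),
    ("O9", r"\(file missing\)", "info",
     "IE extra button whose target is gone: stale entry, safe to fix"),
    ("O10", r"unknown file", "medium",
     "Winsock LSP not on the whitelist: confirm the DLL's vendor before touching it, "
     "a broken LSP chain takes networking down"),
    ("O23", r"\(file missing\)", "low",
     "service whose binary is missing: usually an uninstall leftover"),
    ("O23", r"unknown owner", "info",
     "service with no publisher: check the path and the file's signature"),
]

SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3}


def parse_entries(text):
    """Return (section, body) pairs for every HijackThis entry line in text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(text):
    """Apply RULES to each entry; an entry hitting several rules yields several findings."""
    findings = []
    for section, body in parse_entries(text):
        for rule_section, pattern, severity, why in RULES:
            if section == rule_section and re.search(pattern, body, re.IGNORECASE):
                findings.append(
                    {"section": section, "severity": severity, "why": why, "entry": body}
                )
    return findings


def worst_severity(findings):
    """Highest severity present, or "none" for a clean log."""
    if not findings:
        return "none"
    return max((f["severity"] for f in findings), key=SEVERITY_RANK.__getitem__)


def report(findings):
    """Findings as text, most severe first, in the order a helper would read them."""
    ordered = sorted(findings, key=lambda f: SEVERITY_RANK[f["severity"]], reverse=True)
    return "\n".join(f"[{f['severity']:>6}] {f['section']}: {f['why']}\n         {f['entry']}"
                     for f in ordered)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print(report(found))
    print("worst:", worst_severity(found))
```

Run it against a real log by reading the file into `triage()`; a finding is a prompt to verify the entry, not proof of infection, as the legitimate Bonjour LSP shows.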
6 replies
Hello
Start by downloading Malwarebytes Anti-Malware, update it, run a full scan of your system and paste the report here
No, I don't think so!
Download ComboFix
---> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Close your web browser, antivirus and Internet connection before running this program
Double-click it and press "1" to continue
Wait a few minutes..
A report will open; save its contents, then copy and paste it here please
Formatting will only postpone your problem..
Download OTMoveIt to your desktop
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Double-click OTMoveIt.exe
Select and copy the lines below
C:\DOCUME~1\Woeck\LOCALS~1\Temp\RGIA.tmp
C:\Program Files\eTarget20d
Go back to OTMoveIt, right-click in the "Paste Standard List of Files/Folders to move" window and choose "Paste".
Click the red MoveIt button, then click Exit
If a file or folder cannot be moved immediately, you will be asked to restart your machine to finish the operation; if so, click "Yes"
Copy and paste the report it generates here please. The OTMoveIt report is in this folder: C:\_OTMoveIt\MovedFiles
Since I see nothing special, apart from the two lines in bold above, do this
Download SDFix to your desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
Restart your computer in Safe Mode (reboot and tap F8 repeatedly as soon as the computer starts)
Open the SDFix folder that was just created on the Desktop and double-click RunThis.bat to launch the script.
Press Y to start the cleaning process.
It will remove the services and Registry entries of some trojans it finds, then ask you to press a key to restart.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool keeps running and deleting files.
Once the Desktop has loaded, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
Finally, copy/paste the contents of Report.txt in your next reply on the forum
Hi, thanks for your reply!
Here is the Malwarebytes scan result:
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1144
Windows 5.1.2600 Service Pack 2
13/09/2008 11:32:44
mbam-log-2008-09-13 (11-32-44).txt
Type de recherche: Examen complet (C:\|F:\|)
Eléments examinés: 85466
Temps écoulé: 41 minute(s), 37 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Program Files\eChanblard\EvID4226Patch.exe (Adware.Agent) -> Quarantined and deleted successfully.
I then ran another scan, no malicious items.
Was that the MSN virus?
Thanks
Hi,
I ran the scan, here is the report.
ComboFix 08-09-14.06 - Woeck 2008-09-15 18:48:18.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.658 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Woeck\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Woeck\Cookies\woeck@serving-sys[2].txt
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-15 au 2008-09-15 ))))))))))))))))))))))))))))))))))))
.
2008-09-15 17:55 . 2008-09-15 18:04 <REP> d-------- C:\Program Files\eTarget20d
2008-09-14 12:13 . 2008-09-14 12:13 <REP> d-------- C:\Program Files\iTunes
2008-09-14 12:13 . 2008-09-14 12:13 <REP> d-------- C:\Program Files\iPod
2008-09-14 12:13 . 2008-09-14 12:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-14 12:10 . 2008-09-14 12:11 <REP> d-------- C:\Program Files\QuickTime
2008-09-13 10:49 . 2008-09-13 10:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-13 10:49 . 2008-09-13 10:49 <REP> d-------- C:\Documents and Settings\Woeck\Application Data\Malwarebytes
2008-09-13 10:49 . 2008-09-13 10:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-13 10:49 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-13 10:49 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-11 18:45 . 2008-09-11 18:45 <REP> d-------- C:\Program Files\Avira
2008-09-11 18:45 . 2008-09-11 18:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-08 17:48 . 2008-09-08 17:48 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-09-08 17:48 . 2008-09-08 17:48 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-09-08 17:48 . 2008-09-08 17:48 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-09-08 17:48 . 2008-09-08 17:48 40 --a------ C:\WINDOWS\TSC.INI
2008-09-07 17:09 . 2008-09-07 17:09 <REP> d-------- C:\Program Files\AxBx
2008-09-07 17:07 . 2008-09-07 17:09 <REP> d-------- C:\MSNFix
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 16:47 --------- d-----w C:\Documents and Settings\Woeck\Application Data\MxBoost
2008-09-14 16:46 --------- d-----w C:\Program Files\eChanblard
2008-09-14 10:16 --------- d-----w C:\Program Files\Apple Software Update
2008-09-14 10:12 --------- d-----w C:\Program Files\Bonjour
2008-09-14 10:10 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-09-14 10:03 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
2008-09-14 09:59 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2008-09-12 11:41 --------- d-----w C:\Documents and Settings\Woeck\Application Data\Azureus
2008-09-11 17:16 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-09-09 11:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-08 15:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-07 12:42 --------- d-----w C:\Program Files\Maxthon2
2008-08-16 08:46 --------- d-----w C:\Program Files\Fichiers communs\Nikon
2008-08-16 08:46 --------- d-----w C:\Documents and Settings\Woeck\Application Data\Nikon
2008-07-31 19:36 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-28 20:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-28 20:16 --------- d-----w C:\Program Files\Nikon
2008-07-28 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ultima_T15
2008-07-28 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\EnterNHelp
2008-07-28 20:14 --------- d-----w C:\Program Files\Fichiers communs\muvee Technologies
2008-07-28 20:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nikon
2008-07-28 20:13 106,496 ----a-w C:\WINDOWS\system32\ATL71.DLL
2008-07-19 12:29 --------- d-----w C:\Program Files\Safari
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
C:\Documents and Settings\Woeck\Menu Démarrer\Programmes\Démarrage\
Nikon Monitor.lnk - C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eChanblard\\emule.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Maxthon2\\Maxthon.exe"=
"C:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-18 25216]
S3 QCAbsee;QuickCam Web Logitech (0801);C:\WINDOWS\system32\DRIVERS\OVCA.sys [2001-08-18 25088]
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Woeck\Application Data\Mozilla\Firefox\Profiles\erxp5ysj.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.ustart.org
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.ustart.org
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-15 18:50:13
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
C:\DOCUME~1\Woeck\LOCALS~1\Temp\RGIA.tmp
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
Heure de fin: 2008-09-15 18:51:28
ComboFix-quarantined-files.txt 2008-09-15 16:51:12
Avant-CF: 26,036,494,336 octets libres
Après-CF: 26,216,419,328 octets libres
129 --- E O F --- 2008-09-11 16:34:34
Thanks in advance, I'm starting to wonder whether I'll have to format my disk; it's becoming a pain for my MSN contacts, even though I try to avoid connecting.
Emeric
J'ai fait le scan, voici le rapport.
ComboFix 08-09-14.06 - Woeck 2008-09-15 18:48:18.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.658 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Woeck\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Woeck\Cookies\woeck@serving-sys[2].txt
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-15 au 2008-09-15 ))))))))))))))))))))))))))))))))))))
.
2008-09-15 17:55 . 2008-09-15 18:04 <REP> d-------- C:\Program Files\eTarget20d
2008-09-14 12:13 . 2008-09-14 12:13 <REP> d-------- C:\Program Files\iTunes
2008-09-14 12:13 . 2008-09-14 12:13 <REP> d-------- C:\Program Files\iPod
2008-09-14 12:13 . 2008-09-14 12:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-14 12:10 . 2008-09-14 12:11 <REP> d-------- C:\Program Files\QuickTime
2008-09-13 10:49 . 2008-09-13 10:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-13 10:49 . 2008-09-13 10:49 <REP> d-------- C:\Documents and Settings\Woeck\Application Data\Malwarebytes
2008-09-13 10:49 . 2008-09-13 10:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-13 10:49 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-13 10:49 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-11 18:45 . 2008-09-11 18:45 <REP> d-------- C:\Program Files\Avira
2008-09-11 18:45 . 2008-09-11 18:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-08 17:48 . 2008-09-08 17:48 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-09-08 17:48 . 2008-09-08 17:48 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-09-08 17:48 . 2008-09-08 17:48 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-09-08 17:48 . 2008-09-08 17:48 40 --a------ C:\WINDOWS\TSC.INI
2008-09-07 17:09 . 2008-09-07 17:09 <REP> d-------- C:\Program Files\AxBx
2008-09-07 17:07 . 2008-09-07 17:09 <REP> d-------- C:\MSNFix
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 16:47 --------- d-----w C:\Documents and Settings\Woeck\Application Data\MxBoost
2008-09-14 16:46 --------- d-----w C:\Program Files\eChanblard
2008-09-14 10:16 --------- d-----w C:\Program Files\Apple Software Update
2008-09-14 10:12 --------- d-----w C:\Program Files\Bonjour
2008-09-14 10:10 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-09-14 10:03 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
2008-09-14 09:59 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2008-09-12 11:41 --------- d-----w C:\Documents and Settings\Woeck\Application Data\Azureus
2008-09-11 17:16 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-09-09 11:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-08 15:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-07 12:42 --------- d-----w C:\Program Files\Maxthon2
2008-08-16 08:46 --------- d-----w C:\Program Files\Fichiers communs\Nikon
2008-08-16 08:46 --------- d-----w C:\Documents and Settings\Woeck\Application Data\Nikon
2008-07-31 19:36 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-28 20:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-28 20:16 --------- d-----w C:\Program Files\Nikon
2008-07-28 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ultima_T15
2008-07-28 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\EnterNHelp
2008-07-28 20:14 --------- d-----w C:\Program Files\Fichiers communs\muvee Technologies
2008-07-28 20:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nikon
2008-07-28 20:13 106,496 ----a-w C:\WINDOWS\system32\ATL71.DLL
2008-07-19 12:29 --------- d-----w C:\Program Files\Safari
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
C:\Documents and Settings\Woeck\Menu Démarrer\Programmes\Démarrage\
Nikon Monitor.lnk - C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eChanblard\\emule.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Maxthon2\\Maxthon.exe"=
"C:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-18 25216]
S3 QCAbsee;QuickCam Web Logitech (0801);C:\WINDOWS\system32\DRIVERS\OVCA.sys [2001-08-18 25088]
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary scan -------
.
FireFox -: Profile - C:\Documents and Settings\Woeck\Application Data\Mozilla\Firefox\Profiles\erxp5ysj.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.ustart.org
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.ustart.org
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-15 18:50:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\DOCUME~1\Woeck\LOCALS~1\Temp\RGIA.tmp
scan completed successfully
hidden files: 1
**************************************************************************
.
Finish time: 2008-09-15 18:51:28
ComboFix-quarantined-files.txt 2008-09-15 16:51:12
Before CF: 26,036,494,336 bytes free
After CF: 26,216,419,328 bytes free
129 --- E O F --- 2008-09-11 16:34:34
Thanks in advance. I'm starting to wonder whether I'll have to format my disk; it's getting annoying for my MSN contacts, even though I try to avoid connecting.
Emeric
Hi, thanks again for looking into my case!!!
So I ran OTMoveIt, its report is right below, then SDFix, whose report follows!!!
File/Folder C:\DOCUME~1\Woeck\LOCALS~1\Temp\RGIA.tmp not found.
C:\Program Files\eTarget20d\Vers\en moved successfully.
C:\Program Files\eTarget20d\Vers\commun moved successfully.
C:\Program Files\eTarget20d\Vers moved successfully.
C:\Program Files\eTarget20d\Save\Vierge moved successfully.
C:\Program Files\eTarget20d\Save\Maxime essai1 moved successfully.
C:\Program Files\eTarget20d\Save\Campagne exemple 2 moved successfully.
C:\Program Files\eTarget20d\Save\Campagne exemple 1 moved successfully.
C:\Program Files\eTarget20d\Save moved successfully.
C:\Program Files\eTarget20d\Menu moved successfully.
C:\Program Files\eTarget20d\editor\toolbar\menu\design\style moved successfully.
C:\Program Files\eTarget20d\editor\toolbar\menu\design\image\style4 moved successfully.
C:\Program Files\eTarget20d\editor\toolbar\menu\design\image\style3 moved successfully.
C:\Program Files\eTarget20d\editor\toolbar\menu\design\image\style2 moved successfully.
C:\Program Files\eTarget20d\editor\toolbar\menu\design\image moved successfully.
C:\Program Files\eTarget20d\editor\toolbar\menu\design moved successfully.
C:\Program Files\eTarget20d\editor\toolbar\menu moved successfully.
C:\Program Files\eTarget20d\editor\toolbar\include moved successfully.
C:\Program Files\eTarget20d\editor\toolbar\design\style moved successfully.
C:\Program Files\eTarget20d\editor\toolbar\design\image\style3 moved successfully.
C:\Program Files\eTarget20d\editor\toolbar\design\image moved successfully.
C:\Program Files\eTarget20d\editor\toolbar\design moved successfully.
C:\Program Files\eTarget20d\editor\toolbar\color moved successfully.
C:\Program Files\eTarget20d\editor\toolbar moved successfully.
C:\Program Files\eTarget20d\editor\tab\include moved successfully.
C:\Program Files\eTarget20d\editor\tab\design\style moved successfully.
C:\Program Files\eTarget20d\editor\tab\design\image\style9 moved successfully.
C:\Program Files\eTarget20d\editor\tab\design\image\style8 moved successfully.
C:\Program Files\eTarget20d\editor\tab\design\image\style7 moved successfully.
C:\Program Files\eTarget20d\editor\tab\design\image\style6 moved successfully.
C:\Program Files\eTarget20d\editor\tab\design\image\style5 moved successfully.
C:\Program Files\eTarget20d\editor\tab\design\image\style4 moved successfully.
C:\Program Files\eTarget20d\editor\tab\design\image\style3 moved successfully.
C:\Program Files\eTarget20d\editor\tab\design\image\style2 moved successfully.
C:\Program Files\eTarget20d\editor\tab\design\image\style1 moved successfully.
C:\Program Files\eTarget20d\editor\tab\design\image moved successfully.
C:\Program Files\eTarget20d\editor\tab\design moved successfully.
C:\Program Files\eTarget20d\editor\tab moved successfully.
C:\Program Files\eTarget20d\editor\styleeditor moved successfully.
C:\Program Files\eTarget20d\editor\popup moved successfully.
C:\Program Files\eTarget20d\editor\menu\design\style moved successfully.
C:\Program Files\eTarget20d\editor\menu\design\image\OfficeXP moved successfully.
C:\Program Files\eTarget20d\editor\menu\design\image\Office2003S moved successfully.
C:\Program Files\eTarget20d\editor\menu\design\image\Office2003 moved successfully.
C:\Program Files\eTarget20d\editor\menu\design\image moved successfully.
C:\Program Files\eTarget20d\editor\menu\design moved successfully.
C:\Program Files\eTarget20d\editor\menu moved successfully.
C:\Program Files\eTarget20d\editor\include moved successfully.
C:\Program Files\eTarget20d\editor\dialogs moved successfully.
C:\Program Files\eTarget20d\editor\design\style moved successfully.
C:\Program Files\eTarget20d\editor\design\image\Office2003S moved successfully.
C:\Program Files\eTarget20d\editor\design\image\Office2003 moved successfully.
C:\Program Files\eTarget20d\editor\design\image\Office moved successfully.
C:\Program Files\eTarget20d\editor\design\image moved successfully.
C:\Program Files\eTarget20d\editor\design moved successfully.
C:\Program Files\eTarget20d\editor\config\localization moved successfully.
C:\Program Files\eTarget20d\editor\config moved successfully.
C:\Program Files\eTarget20d\editor\add-on\pdf moved successfully.
C:\Program Files\eTarget20d\editor\add-on moved successfully.
C:\Program Files\eTarget20d\editor moved successfully.
C:\Program Files\eTarget20d\dll moved successfully.
C:\Program Files\eTarget20d moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09162008_180154
Here is the SDFix report!!
[b]SDFix: Version 1.225[/b]
Run by Woeck on 16/09/2008 at 18:20
Microsoft Windows XP [version 5.1.2600]
Running From: C:\Documents and Settings\Woeck\Bureau\sdfix\SDFix
[b]Checking Services[/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files[/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check[/b]:
[b]Final Check[/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 18:30:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060ebd161]
"001e3b124c83"=hex:a8,30,0b,aa,f5,94,3d,a6,fa,50,a3,f3,39,f3,e4,c5
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:f3,49,20,e8,7b,ae,00,77,a2,53,38,61,6e,c9,e6,ed,2b,27,f2,35,f5,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,8d,c0,ea,fc,b0,fc,e7,07,d5,d4,a3,3a,5b,9b,d2,45,f3,..
"hdf12"=hex:fc,1b,f3,7e,4d,9a,bf,35,3b,91,3a,6d,43,c5,a1,3e,42,ab,97,04,45,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:ae,f7,b5,c9,aa,24,81,e6,85,80,c4,55,5e,ed,f5,fd,c5,2c,b4,70,8f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060ebd161]
"001e3b124c83"=hex:a8,30,0b,aa,f5,94,3d,a6,fa,50,a3,f3,39,f3,e4,c5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:f3,49,20,e8,7b,ae,00,77,a2,53,38,61,6e,c9,e6,ed,2b,27,f2,35,f5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,8d,c0,ea,fc,b0,fc,e7,07,d5,d4,a3,3a,5b,9b,d2,45,f3,..
"hdf12"=hex:fc,1b,f3,7e,4d,9a,bf,35,3b,91,3a,6d,43,c5,a1,3e,42,ab,97,04,45,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:ae,f7,b5,c9,aa,24,81,e6,85,80,c4,55,5e,ed,f5,fd,c5,2c,b4,70,8f,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000035
"TracesSuccessful"=dword:00000003
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services[/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\eChanblard\\emule.exe"="C:\\Program Files\\eChanblard\\emule.exe:*:Enabled:eChanblard"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Maxthon2\\Maxthon.exe"="C:\\Program Files\\Maxthon2\\Maxthon.exe:*:Enabled:Maxthon Browser"
"C:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"="C:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe:*:Enabled:MxDownloadServer"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files[/b]:
[b]Files with Hidden Attributes[/b]:
Thu 14 Aug 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Sun 11 May 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT1.tmp"
Sat 15 Mar 2008 14,771,744 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cc102203f99c8c6ebf1523556f8411b6\BIT37.tmp"
Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\09d89c4f86a37cea40e36ccd20da027b\download\BIT4F.tmp"
Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\17e3f23ff72184333b78d75c8e81cda8\download\BIT59.tmp"
Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\29f6d57cd4efa945b402cdec2ffedddf\download\BIT66.tmp"
Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\42526a992b20eef1df8750beb4f78f35\download\BIT71.tmp"
Sat 15 Mar 2008 2,372,498 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4896e7eb404b9f0d2ec9221b3c0f425b\download\BIT24.tmp"
Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5857fd464a38367b479c179d651cd5d4\download\BIT4B.tmp"
Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5d24ad19cee78bba662249a4deccb260\download\BIT6F.tmp"
Sat 15 Mar 2008 5,797,940 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\61cb8cabb47496dec6d7e4c842c3b827\download\BIT51.tmp"
Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\79dfe016119d9f9104f7a081382c2de7\download\BIT4C.tmp"
Sat 15 Mar 2008 8,585,061 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a0a06594bec34f1a4bfbddf6cd27d688\download\BIT50.tmp"
Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a957c596efa7d0ec1b4b7fdc1e1c5705\download\BIT54.tmp"
Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ba502b35f31a2bf19a595db79d7bef15\download\BIT25.tmp"
Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c8f95ed251aedea843abb9ea5b1a52d3\download\BIT72.tmp"
Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e2ee6701f2679c24dd339050a068b193\download\BIT26.tmp"
Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f32bfa5d1049b53eae766f9d37379ea6\download\BIT75.tmp"
Mon 7 Nov 2005 274,432 A..H. --- "C:\_OTMoveIt\MovedFiles\09162008_180154\Program Files\eTarget20d\AOSMTP.dll"
Wed 14 Feb 2007 331,776 A..H. --- "C:\_OTMoveIt\MovedFiles\09162008_180154\Program Files\eTarget20d\HtmlCapture.dll"
Tue 2 May 2006 237,623 A..H. --- "C:\_OTMoveIt\MovedFiles\09162008_180154\Program Files\eTarget20d\wab4wd.dll"
Mon 31 Mar 2008 32,256 A..H. --- "C:\Documents and Settings\Woeck\Bureau\woeck\zoo\Conservation\équidé\Onagre\~WRL0038.tmp"
[b]Finished![/b]
I hope you can see something in it, because I'm still infected, that's for sure!!!
Thanks!
See you,
Emeric
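The "Authorized Application Key Export" section of the SDFix report above lists the Windows XP SP2 firewall exceptions as registry values whose data has the shape `path:scope:mode:display name`, one value per program and one list per firewall profile. The parser below is an added example for reading such an export and flagging enabled exceptions whose program lives in a user-writable directory; it is not part of this thread, of SDFix or of ComboFix. The sample export is constructed in the same shape as the log (not copied from it), and its last standard-profile entry, an executable under `Application Data`, is invented purely to exercise the check.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the SDFix "Authorized Application Key Export":
# a REGEDIT-style dump of the XP firewall exception lists. The update.exe entry is
# made up to show what the heuristic flags; it does not appear in the thread's log.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\eChanblard\\emule.exe"="C:\\Program Files\\eChanblard\\emule.exe:*:Enabled:eChanblard"
"C:\\Documents and Settings\\User\\Application Data\\update.exe"="C:\\Documents and Settings\\User\\Application Data\\update.exe:*:Enabled:update"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
'''

# A key line names the profile (standardprofile / domainprofile) the following values belong to.
KEY_RE = re.compile(r"^\[.*\\firewallpolicy\\(\w+)\\authorizedapplications\\list\]$", re.I)
# A value line is "<program path>"="<data>" with registry-escaped backslashes.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"$')

# Locations a legitimately installed program rarely runs from; an executable that
# lives here and has been allowed through the firewall deserves a closer look.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\", "\\recycler\\")


@dataclass
class FirewallEntry:
    profile: str   # "standardprofile" or "domainprofile"
    path: str      # program path with registry escaping undone
    scope: str     # "*" = any remote address, otherwise a list of subnets
    mode: str      # "Enabled" or "Disabled" (case as found in the export)
    name: str      # display name shown in the firewall UI


def parse_export(text: str) -> list[FirewallEntry]:
    """Parse the exception lists of every profile present in a REGEDIT-style export."""
    entries: list[FirewallEntry] = []
    profile = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            profile = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if not m or profile is None:
            continue
        name, data = m.group("name"), m.group("data")
        # The value name is the program path and the data starts with that same path.
        # Strip it before splitting on ':' because the path itself contains a drive colon.
        if not data.startswith(name + ":"):
            continue  # malformed entry: skip rather than guess at its fields
        rest = data[len(name) + 1:]
        scope, mode, display = (rest.split(":", 2) + ["", ""])[:3]
        entries.append(FirewallEntry(profile, name.replace("\\\\", "\\"), scope, mode, display))
    return entries


def suspicious(entries: list[FirewallEntry]) -> list[FirewallEntry]:
    """Enabled exceptions whose program sits in a user-writable location."""
    return [
        e for e in entries
        if e.mode.lower() == "enabled"
        and any(marker in e.path.lower() for marker in USER_WRITABLE)
    ]


if __name__ == "__main__":
    parsed = parse_export(SAMPLE_EXPORT)
    for e in parsed:
        print(f"{e.profile:16} {e.mode:8} {e.scope:3} {e.path}  ({e.name})")
    for e in suspicious(parsed):
        print("CHECK:", e.path)
```

The check is a triage heuristic, not a verdict: run over the exceptions actually listed in the SDFix report above, it flags nothing, because every entry there points into `Program Files` or `%windir%`. The `scope` field is also worth reading by hand; `*` means the exception is open to any remote address.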