Trojan

Solved/Closed
crac42 Posts 516 Registered Wednesday 24 September 2008 Status Member Last seen 1 March 2016 - 24 Sept. 2008 at 15:22
geoffrey5 Posts 13732 Registered Sunday 20 May 2007 Status Security contributor Last seen 21 May 2010 - 29 Sept. 2008 at 17:14
Hello,


I have a trojan that keeps sending me messages non-stop:

trojan spy htlm bankfraud dq.

Thanks for your help getting rid of it...

68 replies

crac42 Posts 516 Registered Wednesday 24 September 2008 Status Member Last seen 1 March 2016 5
24 Sept. 2008 at 17:42
New name for the trojan:

trojan-clicke.win32.tiny.h

It's exactly the same form (a "Windows Security Alert" window) but the trojan's name changes.
0
crac42 Posts 516 Registered Wednesday 24 September 2008 Status Member Last seen 1 March 2016 5
24 Sept. 2008 at 17:56
It has changed its name again, download something.......
0
geoffrey5 Posts 13732 Registered Sunday 20 May 2007 Status Security contributor Last seen 21 May 2010 10
24 Sept. 2008 at 19:49
▶ Download ComboFix by sUBs

(it's number 5 at the bottom of the page)

▶ and save it to the Desktop.


▶ disable your protections and close all your applications (antivirus, firewall, real-time guard of the antispyware)


Here is the official Bleeping Computer tutorial on how to use it:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


then send the report and do a new HijackThis report please
0
crac42 Posts 516 Registered Wednesday 24 September 2008 Status Member Last seen 1 March 2016 5
25 Sept. 2008 at 08:24
OK, I'll do that this morning.....
0

crac42 Posts 516 Registered Wednesday 24 September 2008 Status Member Last seen 1 March 2016 5
25 Sept. 2008 at 15:38
HERE IS COMBOFIX

ComboFix 08-09-24.12 - Philippe 2008-09-25 15:34:12.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.142 [GMT 2:00]
Running from: C:\Documents and Settings\Philippe\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Philippe\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\mdm.exe

.
((((((((((((((((((((((((((((( Files Created from 2008-08-25 to 2008-09-25 ))))))))))))))))))))))))))))))))))))
.

2008-09-24 17:28 . 2008-09-24 17:35 <REP> d-------- C:\Program Files\Navilog1
2008-09-24 16:34 . 2008-09-24 16:34 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\Malwarebytes
2008-09-24 16:34 . 2008-09-24 16:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-24 16:04 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-24 16:04 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-24 16:04 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-24 16:04 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-24 16:04 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-09-24 16:04 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-24 16:04 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-24 16:04 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-24 16:04 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-24 16:04 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-24 16:04 . 2008-09-24 16:19 1,822 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-24 15:42 . 2008-09-24 15:55 1,830 --a------ C:\Documents and Settings\Orph.egd
2008-09-24 15:41 . 2008-09-24 15:55 <REP> d-------- C:\ToolBar SD
2008-09-24 11:48 . 2008-09-24 16:41 <REP> d-------- C:\Program Files\yyzkdmc
2008-09-24 11:48 . 2008-09-24 11:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\jspsrory
2008-09-24 11:48 . 2008-09-24 11:48 98,304 --a------ C:\WINDOWS\system32\pwbibwjq.exe
2008-09-23 08:48 . 2008-04-11 21:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-23 08:48 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-23 08:46 . 2004-08-05 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-23 08:39 . 2008-09-23 08:39 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-23 08:39 . 2008-09-23 08:39 <REP> d-------- C:\WINDOWS\system32\bits
2008-09-23 08:39 . 2008-09-23 08:39 <REP> d-------- C:\WINDOWS\l2schemas
2008-09-23 08:36 . 2008-09-23 08:39 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-23 08:18 . 2004-08-04 00:38 327,168 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-09-23 08:01 . 2008-09-23 08:08 <REP> d-------- C:\Program Files\POP Peeper
2008-09-23 08:01 . 2008-09-25 15:33 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\POP Peeper
2008-09-19 09:57 . 2008-09-19 09:57 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\ItsLabel
2008-09-19 09:53 . 2008-09-23 08:01 <REP> d-------- C:\Program Files\EoRezo
2008-09-19 09:53 . 2008-09-19 10:00 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\EoRezo
2008-09-19 08:14 . 2008-09-23 08:01 <REP> d-------- C:\Program Files\POP Peeper(2)
2008-09-10 08:21 . 2008-09-10 08:21 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-05 16:01 . 2008-09-01 16:00 1,435,272 --a------ C:\WINDOWS\system32\Flash8.ocx
2008-09-05 16:00 . 2008-09-05 16:00 <REP> d-------- C:\Program Files\Wondershare
2008-08-27 17:16 . 2008-08-27 17:16 <REP> dr------- C:\Documents and Settings\Philippe\Menu Démarrer
2008-08-27 17:15 . 2008-08-27 17:15 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-08-27 16:58 . 2008-08-27 17:16 <REP> d-------- C:\Program Files\Piratrax
2008-08-25 17:20 . 2008-08-25 17:20 <REP> d--hs---- C:\found.000

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 07:28 --------- d-----w C:\Program Files\FinePixViewer
2008-09-17 11:48 --------- d-----w C:\Program Files\Unlocker
2008-08-29 07:58 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-13 13:35 355,584 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-08-13 13:35 --------- d-----w C:\Documents and Settings\Philippe\Application Data\TuneUp Software
2008-08-13 07:42 --------- d-----w C:\Documents and Settings\Philippe\Application Data\Uniblue
2008-08-07 08:08 --------- d-----w C:\Program Files\DivX
2008-08-04 12:16 240,128 ----a-w C:\WINDOWS\MPAssoc.dll
2008-07-30 06:11 --------- d-----w C:\Program Files\Sun
2008-07-30 06:11 --------- d-----w C:\Program Files\Java
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-04 07:18 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
.

((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [2008-07-18 1437696]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"acten"="C:\WINDOWS\system32\pwbibwjq.exe" [2008-09-24 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-29 1235736]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\NOLIS\\Felix\\Felix.exe"=

R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys [2004-12-15 76544]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 76040]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S0 kjdl;kjdl;C:\WINDOWS\system32\drivers\pyfbfh.sys [ ]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-13 355584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Explorer_Run-aE85JJajLV - C:\Documents and Settings\Philippe\Mes documents\Downloads\AdobeFlashPlayerHD.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\f91vo2sd.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/intl/fr/
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npMdm.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-25 15:35:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-25 15:36:55
ComboFix-quarantined-files.txt 2008-09-25 13:36:51

Pre-Run: 10,667,417,600 bytes free
Post-Run: 10,648,276,992 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
D:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

154 --- E O F --- 2008-09-24 12:00:33
0
crac42 Posts 516 Registered Wednesday 24 September 2008 Status Member Last seen 1 March 2016 5
25 Sept. 2008 at 15:40
AND HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39:17, on 25/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\pwbibwjq.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Philippe\Mes documents\Downloads\HiJackThis.exe
C:\WINDOWS\system32\pwbibwjq.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [acten] C:\WINDOWS\system32\pwbibwjq.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
0
crac42 Posts 516 Registered Wednesday 24 September 2008 Status Member Last seen 1 March 2016 5
25 Sept. 2008 at 16:12
Hello, is nobody going to help me???
0
geoffrey5 Posts 13732 Registered Sunday 20 May 2007 Status Security contributor Last seen 21 May 2010 10
25 Sept. 2008 at 16:14
go and do an online scan with BitDefender at this address:

http://www.zebulon.fr/outils/antivirus/antivirus-en-ligne.php

I have to leave, so I'll come back later to check the report

See you later
0
crac42 Posts 516 Registered Wednesday 24 September 2008 Status Member Last seen 1 March 2016 5
25 Sept. 2008 at 16:55
BitDefender....



//-----------------------------------------------------------------
//
// Product BitDefender Internet Security v10
// Product 10.0
//
// Created on: 25/09/2008 16:38:33
//
//-----------------------------------------------------------------


Statistics

Target path: C:\WINDOWS
C:\Program Files
Folders : 1898
Files : 19314
Memory processes scanned : 0
Archives : 1
Packed files : 1211
Viruses found : 0
Infected files : 0
Infected memory processes : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 0
I/O errors : 0
Scan time :=00:15:30
Files/second :20

Virus definitions : 1809667
Scan plugins : 16
Archive plugins : 43
Unpack plugins : 7
Mail plugins : 6
System plugins : 4

Scan options

Detection
[X] Scan boot sector
[ ] Memory processes
[ ] Scan archives
[X] Scan packed files
[X] Scan mail

File mask
[X] Programs
[ ] All files
[ ] User-defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt for action

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt for action

Scan options
[X] Enable warnings
[ ] Enable heuristics
[ ] Show all files in log
[X] Log file: C:\DOCUME~1\Philippe\LOCALS~1\Temp\1222353513.log

Spyware scan options

[X] Scan for non-viral risks
[ ] Exclude dialers and applications from the scan
[ ] Registry keys
[ ] Cookies
0
crac42 Posts 516 Registered Wednesday 24 September 2008 Status Member Last seen 1 March 2016 5
25 Sept. 2008 at 16:56
Nothing found, apparently, and the messages keep appearing.....
0
crac42 Posts 516 Registered Wednesday 24 September 2008 Status Member Last seen 1 March 2016 5
25 Sept. 2008 at 17:31
WHOAAAAAAAAAAAAAAAAHHHHHHHHHHHHH !!!!

Big, big scare with BitDefender......

After running the scan and posting it to you, it was impossible to do anything more on the machine. BitDefender was trying to open a window on the net and was blocking everything.... I shut the machine down several times and it was always the same, then at one point I managed to get into the Control Panel and restore the machine to yesterday's date. Of course, before that I had also tried to uninstall BitDefender, but impossible.

For now it's OK, but I'll say it again, I restored to yesterday's date.

Damn, I scared myself on that one.....
0
crac42 Posts 516 Registered Wednesday 24 September 2008 Status Member Last seen 1 March 2016 5
25 Sept. 2008 at 17:42
Well, I have to leave now....

see you tomorrow morning


Thanks
0
crac42 Posts 516 Registered Wednesday 24 September 2008 Status Member Last seen 1 March 2016 5
26 Sept. 2008 at 08:37
a HijackThis report from this morning ......

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:36:47, on 26/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\pwbibwjq.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\NOLIS\Felix\Felix.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Philippe\Mes documents\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [lphccbdj0e557] C:\WINDOWS\system32\lphccbdj0e557.exe
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [acten] C:\WINDOWS\system32\pwbibwjq.exe
O4 - HKLM\..\Policies\Explorer\Run: [aE85JJajLV] C:\Documents and Settings\Philippe\Mes documents\Downloads\AdobeFlashPlayerHD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: AdmSmart - {134272DE-2C37-14CA-F8F5-08E00F25118C} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
0
crac42 Posts 516 Registered Wednesday 24 September 2008 Status Member Last seen 1 March 2016 5
26 Sept. 2008 at 08:52
Hello, is there nobody left to help me???
0
crac42 Posts 516 Registered Wednesday 24 September 2008 Status Member Last seen 1 March 2016 5
26 Sept. 2008 at 09:51
One more detail: I can no longer access my Internet Options, the window refuses to open.....and still the same messages about a trojan etc...etc...etc...
0
crac42 Posts 516 Registered Wednesday 24 September 2008 Status Member Last seen 1 March 2016 5
26 Sept. 2008 at 10:22
Pffff, too complicated????? Nobody to help me????
0
geoffrey5 Posts 13732 Registered Sunday 20 May 2007 Status Security contributor Last seen 21 May 2010 10
26 Sept. 2008 at 14:01
Hi!!

It's not that I don't want to help you any more, but be aware that the forum isn't all I have in life ^^

what is the exact name of the virus and its location??


download Trojan Remover at this address, there's a tutorial to help you use it correctly:

https://www.androidworld.fr/
0
crac42 Posts 516 Registered Wednesday 24 September 2008 Status Member Last seen 1 March 2016 5
26 Sept. 2008 at 14:07
Thanks

No, I thought it was too complicated and that I'd been abandoned along the way. I can understand that, everyone has their limits, but I think it should simply be said.

OK, enough chatter, I'm doing what you told me to do....
0
geoffrey5 Posts 13732 Registered Sunday 20 May 2007 Status Security contributor Last seen 21 May 2010 10
26 Sept. 2008 at 14:11
I don't drop people like that.... If I don't know what to do any more, I say so, without leaving them in the dark ;-)
0
crac42 Posts 516 Registered Wednesday 24 September 2008 Status Member Last seen 1 March 2016 5
26 Sept. 2008 at 14:15
OK, here's the Trojan Remover notepad log

***** THE SYSTEM HAS BEEN RESTARTED *****
26/09/2008 14:13:56: Trojan Remover has been restarted
=======================================================
Deleting the following registry value(s):
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[lphccbdj0e557] - already deleted
HKCU\Control Panel\Desktop\[SCRNSAVE.EXE] - already deleted
=======================================================
26/09/2008 14:13:56: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2545. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 14:10:25 26 sept. 2008
Using Database v7149
Operating System: Windows XP SP3 [Windows XP Professional Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Philippe\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Philippe\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************************


************************************************************
14:10:26: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
14:10:26: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
14:10:26: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
14:10:27: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 05/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 05/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 05/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
144784 bytes
Created: 30/07/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
--------------------
Value Name: UnlockerAssistant
Value Data: "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
C:\Program Files\Unlocker\UnlockerAssistant.exe
15872 bytes
Created: 07/09/2006
Modified: 07/09/2006
Company:
--------------------
Value Name: AVG8_TRAY
Value Data: C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
1235736 bytes
Created: 04/07/2008
Modified: 29/08/2008
Company: AVG Technologies CZ, s.r.o.
--------------------
Value Name: REGSHAVE
Value Data: C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
C:\Program Files\REGSHAVE\REGSHAVE.EXE
53248 bytes
Created: 10/06/2008
Modified: 04/02/2002
Company: FUJI PHOTO FILM CO., LTD.
--------------------
Value Name: lphccbdj0e557
Value Data: C:\WINDOWS\system32\lphccbdj0e557.exe
C:\WINDOWS\system32\lphccbdj0e557.exe
185856 bytes
Created: 24/09/2008
Modified: 24/09/2008
Company:
C:\WINDOWS\system32\lphccbdj0e557.exe appears to contain: TRASHED.FILE
C:\WINDOWS\system32\lphccbdj0e557.exe - this registry value has been removed
C:\WINDOWS\system32\lphccbdj0e557.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\lphccbdj0e557.exe - file renamed to: C:\WINDOWS\system32\lphccbdj0e557.exe.vir
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
922192 bytes
Created: 26/09/2008
Modified: 20/09/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Value Name: aE85JJajLV
Value Data: C:\Documents and Settings\Philippe\Mes documents\Downloads\AdobeFlashPlayerHD.exe
C:\Documents and Settings\Philippe\Mes documents\Downloads\AdobeFlashPlayerHD.exe [file not found to scan]
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: POP Peeper
Value Data: "C:\Program Files\POP Peeper\POPPeeper.exe" -min
C:\Program Files\POP Peeper\POPPeeper.exe
1437696 bytes
Created: 18/07/2008
Modified: 18/07/2008
Company: Mortal Universe
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 05/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
--------------------
Value Name: acten
Value Data: C:\WINDOWS\system32\pwbibwjq.exe
C:\WINDOWS\system32\pwbibwjq.exe
98304 bytes
Created: 24/09/2008
Modified: 24/09/2008
Company:
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
14:11:02: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
14:11:02: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
14:11:02: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\blphccbdj0e557.scr
C:\WINDOWS\system32\blphccbdj0e557.scr
118784 bytes
Created: 24/09/2008
Modified: 24/09/2008
Company:
C:\WINDOWS\system32\blphccbdj0e557.scr appears to contain: TRASHED.FILE
C:\WINDOWS\system32\blphccbdj0e557.scr - process is either not running or could not be terminated
C:\WINDOWS\system32\blphccbdj0e557.scr - this reference has been removed
C:\WINDOWS\system32\blphccbdj0e557.scr - file renamed to: C:\WINDOWS\system32\blphccbdj0e557.scr.vir
--------------------

************************************************************
14:11:04: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2441 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company:
----------
Key: {8b15971b-5355-4c82-8c07-7e181ea07608}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
C:\WINDOWS\INF\fxsocm.inf
102280 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company:
----------

************************************************************
14:11:05: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: UxTuneUp
Path: %SystemRoot%\System32\uxtuneup.dll
C:\WINDOWS\System32\uxtuneup.dll
28416 bytes
Created: 13/08/2008
Modified: 29/05/2008
Company: TuneUp Software GmbH
--------------------

************************************************************
14:11:09: Scanning ----- SERVICES REGISTRY KEYS -----
Key: avg8emc
ImagePath: C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
875288 bytes
Created: 04/07/2008
Modified: 29/08/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: avg8wd
ImagePath: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
231704 bytes
Created: 04/07/2008
Modified: 29/08/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgLdx86
ImagePath: \SystemRoot\System32\Drivers\avgldx86.sys
C:\WINDOWS\System32\Drivers\avgldx86.sys
97928 bytes
Created: 26/05/2008
Modified: 29/08/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgMfx86
ImagePath: \SystemRoot\System32\Drivers\avgmfx86.sys
C:\WINDOWS\System32\Drivers\avgmfx86.sys
26824 bytes
Created: 17/02/2008
Modified: 04/07/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgTdiX
ImagePath: \SystemRoot\System32\Drivers\avgtdix.sys
C:\WINDOWS\System32\Drivers\avgtdix.sys
76040 bytes
Created: 26/05/2008
Modified: 04/07/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: BrPar
ImagePath: \SystemRoot\System32\drivers\BrPar.sys
C:\WINDOWS\System32\drivers\BrPar.sys
19537 bytes
Created: 16/02/2008
Modified: 24/07/2000
Company: Brother Industries Ltd.
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
136120 bytes
Created: 13/05/2008
Modified: 04/01/2007
Company: Google
----------
Key: HdAudAddService
ImagePath: system32\drivers\HdAudio.sys
C:\WINDOWS\system32\drivers\HdAudio.sys
145920 bytes
Created: 07/01/2005
Modified: 07/01/2005
Company: Windows (R) Server 2003 DDK provider
----------
Key: HDAudBus
ImagePath: system32\DRIVERS\HDAudBus.sys
C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
144384 bytes
Created: 07/01/2005
Modified: 13/04/2008
Company: Windows (R) Server 2003 DDK provider
----------
Key: IntcAzAudAddService
ImagePath: system32\drivers\RtkHDAud.sys
C:\WINDOWS\system32\drivers\RtkHDAud.sys
3134976 bytes
Created: 17/02/2008
Modified: 14/06/2005
Company: Realtek Semiconductor Corp.
----------
Key: m5287
ImagePath: system32\drivers\m5287.sys
C:\WINDOWS\system32\drivers\m5287.sys
76544 bytes
Created: 16/02/2008
Modified: 15/12/2004
Company: ULi Electronics Inc.
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{84CECF2F-F269-4EFF-B4C5-E4AA23D0F0EE}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 05/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
Key: TuneUp.Defrag
ImagePath: %SystemRoot%\System32\TuneUpDefragService.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
355584 bytes
Created: 13/08/2008
Modified: 13/08/2008
Company: TuneUp Software GmbH
----------
Key: UnlockerDriver5
ImagePath: \??\C:\Program Files\Unlocker\UnlockerDriver5.sys
C:\Program Files\Unlocker\UnlockerDriver5.sys
4096 bytes
Created: 07/09/2006
Modified: 07/09/2006
Company:
----------
Key: usbsermpt
ImagePath: system32\DRIVERS\usbsermpt.sys
C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
22768 bytes
Created: 26/09/2008
Modified: 26/09/2008
Company: Microsoft Corporation
----------
Key: yukonwxp
ImagePath: system32\DRIVERS\yk51x86.sys
C:\WINDOWS\system32\DRIVERS\yk51x86.sys
230400 bytes
Created: 16/02/2008
Modified: 30/03/2005
Company: Marvell
----------

************************************************************
14:11:18: Scanning -----VXD ENTRIES-----

************************************************************
14:11:18: Scanning ----- WINLOGON\NOTIFY DLLS -----

************************************************************
14:11:18: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG8 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\AVG\AVG8\avgse.dll
C:\Program Files\AVG\AVG8\avgse.dll
99608 bytes
Created: 04/07/2008
Modified: 04/07/2008
Company: AVG Technologies CZ, s.r.o.
----------

************************************************************
14:11:18: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
372736 bytes
Created: 10/05/2007
Modified: 10/05/2007
Company: Adobe Systems, Inc.
----------

************************************************************
14:11:18: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 23/10/2006
Modified: 23/10/2006
Company: Adobe Systems Incorporated
----------
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files\AVG\AVG8\avgssie.dll
C:\Program Files\AVG\AVG8\avgssie.dll
455960 bytes
Created: 07/07/2008
Modified: 29/08/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
509328 bytes
Created: 30/07/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
----------

************************************************************
14:11:19: Scanning ----- SHELLSERVICEOBJECTS -----
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 18/10/2006
Modified: 18/10/2006
Company: Microsoft Corporation
----------

************************************************************
14:11:19: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
14:11:19: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
14:11:19: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [avgrsstx.dll]
File: avgrsstx.dll
C:\WINDOWS\system32\avgrsstx.dll
10520 bytes
Created: 26/05/2008
Modified: 04/07/2008
Company: AVG Technologies CZ, s.r.o.
----------

************************************************************
14:11:19: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
14:11:20: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 16/02/2008
Modified: 16/02/2008
Company:
--------------------
C:\Program Files\FinePixViewer\QuickDCF2.exe
303104 bytes
Created: 10/06/2008
Modified: 30/01/2007
Company: FUJIFILM Corporation
ExifLauncher2.lnk - links to C:\Program Files\FinePixViewer\QuickDCF2.exe
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
14:11:20: Scanning ----- SCHEDULED TASKS -----
Taskname: Maintenance en 1 clic.job
File: C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
Parameters: /schedulestart
Next Run Time: 26/09/2008 15:00:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: Philippe
Comments: Lance la maintenance en 1 clic à des heures précises
C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [file not found to scan]
----------

************************************************************
14:11:20: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
14:11:20: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
==============================
Restrictive Windows Explorer Policies found in force on this computer:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
Value: NoDispBackgroundPage
Value: NoDispScrSavPage
All Policy Values listed have been removed
==============================
Windows Explorer Policies checks completed
----------
Checking for specific malicious files:
C:\WINDOWS\system32\WS2Fix.exe - Trojan.FakeAlert
C:\WINDOWS\system32\WS2Fix.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\WS2Fix.exe - file renamed to: C:\WINDOWS\system32\WS2Fix.exe.vir
----------
Desktop Wallpaper: C:\Documents and Settings\Philippe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Philippe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 16/02/2008
Modified: 25/09/2008
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Philippe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 16/02/2008
Modified: 25/09/2008
Company:
----------
Additional checks completed

************************************************************
14:11:46: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
[13 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
[81 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
[43 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
[60 loaded modules in total]
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
[15 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[54 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[41 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[171 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[34 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[52 loaded modules in total]
--------------------
C:\WINDOWS\system32\spoolsv.exe
[57 loaded modules in total]
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
[20 loaded modules in total]
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
[132 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe - file already scanned
[30 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[41 loaded modules in total]
--------------------
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe - file already scanned
[20 loaded modules in total]
--------------------
C:\Program Files\Unlocker\UnlockerAssistant.exe - file already scanned
[19 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\avgtray.exe - file already scanned
[33 loaded modules in total]
--------------------
C:\Program Files\POP Peeper\POPPeeper.exe - file already scanned
[79 loaded modules in total]
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
[28 loaded modules in total]
--------------------
C:\WINDOWS\system32\pwbibwjq.exe - file already scanned
[42 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
[15 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\avgemc.exe - file already scanned
[63 loaded modules in total]
--------------------
C:\WINDOWS\System32\alg.exe
[35 loaded modules in total]
--------------------
C:\Program Files\NOLIS\Felix\Felix.exe
[52 loaded modules in total]
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
[97 loaded modules in total]
--------------------
C:\Documents and Settings\Philippe\Application Data\Simply Super Software\Trojan Remover\yvi128.exe
FileSize: 2552384
[This is a Trojan Remover component]
[28 loaded modules in total]
--------------------

************************************************************
14:12:11: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
14:12:11: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
14:12:11: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
14:12:11: Scanning ------ %TEMP% DIRECTORY ------
C:\DOCUME~1\Philippe\LOCALS~1\Temp\etilqs_cXhjGq0npJPtZpGXuHbi appears to be in-use/locked
************************************************************
14:12:11: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------
No files found to scan
************************************************************
14:12:11: Scanning ------ ROOT DIRECTORY ------

************************************************************
14:12:11: ------ Scan for other files to remove ------
C:\Program Files\Inet Delivery\inetdl.exe - process is either not running or could not be terminated
C:\Program Files\Inet Delivery\inetdl.exe, associated with Bogus.Malware.File, has been deleted
C:\Program Files\Inet Delivery\intdel.exe - process is either not running or could not be terminated
C:\Program Files\Inet Delivery\intdel.exe, associated with Bogus.Malware.File, has been deleted
C:\WINDOWS\system32\akttzn.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\akttzn.exe, associated with Bogus.Malware.File, has been deleted
C:\WINDOWS\system32\anticipator.dll has been deleted
C:\WINDOWS\system32\awtoolb.dll has been deleted
C:\WINDOWS\system32\bdn.com - process is either not running or could not be terminated
C:\WINDOWS\system32\bdn.com, associated with Bogus.Malware.File, has been deleted
C:\WINDOWS\system32\bsva-egihsg52.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\bsva-egihsg52.exe has been deleted
C:\WINDOWS\system32\dpcproxy.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\dpcproxy.exe has been deleted
C:\WINDOWS\system32\emesx.dll has been deleted
C:\WINDOWS\system32\h@tkeysh@@k.dll has been deleted
C:\WINDOWS\system32\hoproxy.dll has been deleted
C:\WINDOWS\system32\hxiwlgpm.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\hxiwlgpm.exe has been deleted
C:\WINDOWS\system32\medup012.dll has been deleted
C:\WINDOWS\system32\medup020.dll has been deleted
C:\WINDOWS\system32\msgp.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\msgp.exe has been deleted
C:\WINDOWS\system32\msnbho.dll has been deleted
C:\WINDOWS\system32\mssecu.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\mssecu.exe has been deleted
C:\WINDOWS\system32\msvchost.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\msvchost.exe has been deleted
C:\WINDOWS\system32\mtr2.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\mtr2.exe has been deleted
C:\WINDOWS\system32\mwin32.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\mwin32.exe has been deleted
C:\WINDOWS\system32\netode.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\netode.exe has been deleted
C:\WINDOWS\system32\newsd32.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\newsd32.exe has been deleted
C:\WINDOWS\system32\ps1.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\ps1.exe has been deleted
C:\WINDOWS\system32\psof1.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\psof1.exe has been deleted
C:\WINDOWS\system32\psoft1.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\psoft1.exe has been deleted
C:\WINDOWS\system32\regc64.dll has been deleted
C:\WINDOWS\system32\regm64.dll has been deleted
C:\WINDOWS\system32\Rundl1.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\Rundl1.exe has been deleted
C:\WINDOWS\system32\smp\msrc.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\smp\msrc.exe has been deleted
C:\WINDOWS\system32\sncntr.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\sncntr.exe has been deleted
C:\WINDOWS\system32\ssurf022.dll has been deleted
C:\WINDOWS\system32\ssvchost.com - process is either not running or could not be terminated
C:\WINDOWS\system32\ssvchost.com has been deleted
C:\WINDOWS\system32\ssvchost.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\ssvchost.exe has been deleted
C:\WINDOWS\system32\sysreq.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\sysreq.exe has been deleted
C:\WINDOWS\system32\taack.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\taack.exe has been deleted
C:\WINDOWS\system32\temp#01.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\temp#01.exe has been deleted
C:\WINDOWS\system32\thun32.dll has been deleted
C:\WINDOWS\system32\thun.dll has been deleted
C:\WINDOWS\system32\VBIEWER.OCX has been deleted
C:\WINDOWS\system32\vbsys2.dll has been deleted
C:\WINDOWS\system32\vcatchpi.dll has been deleted
C:\WINDOWS\system32\winlogonpc.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\winlogonpc.exe has been deleted
C:\WINDOWS\system32\winsystem.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\winsystem.exe has been deleted
C:\WINDOWS\system32\WINWGPX.EXE - process is either not running or could not be terminated
C:\WINDOWS\system32\WINWGPX.EXE has been deleted
C:\WINDOWS\a.bat has been deleted
C:\WINDOWS\bdn.com - process is either not running or could not be terminated
C:\WINDOWS\bdn.com, associated with Bogus.Malware.File, has been deleted
C:\WINDOWS\FVProtect.exe - process is either not running or could not be terminated
C:\WINDOWS\FVProtect.exe, associated with Bogus.Malware.File, has been deleted
C:\WINDOWS\iTunesMusic.exe - process is either not running or could not be terminated
C:\WINDOWS\iTunesMusic.exe, associated with Bogus.Malware.File, has been deleted
C:\WINDOWS\mssecu.exe - process is either not running or could not be terminated
C:\WINDOWS\mssecu.exe, associated with Bogus.Malware.File, has been deleted
C:\WINDOWS\mslagent\2_mslagent.dll, associated with Bogus.Malware.File, has been deleted
C:\WINDOWS\mslagent\mslagent.exe - process is either not running or could not be terminated
C:\WINDOWS\mslagent\mslagent.exe, associated with Bogus.Malware.File, has been deleted
C:\WINDOWS\mslagent\uninstall.exe - process is either not running or could not be terminated
C:\WINDOWS\mslagent\uninstall.exe, associated with Bogus.Malware.File, has been deleted
C:\WINDOWS\userconfig9x.dll, associated with Bogus.Malware.File, has been deleted
C:\WINDOWS\winsystem.exe - process is either not running or could not be terminated
C:\WINDOWS\winsystem.exe, associated with Bogus.Malware.File, has been deleted
----------
54 malware-related files deleted (or marked for deletion)

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\windows\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 14:12:12 26 sept. 2008
Total Scan time: 00:01:45
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
26/09/2008 14:12:15: restart commenced
************************************************************


It seems it found two or three little critters .....
0