Spyware destroytracks impossible to remove... help

nathrv -
Hello,

I picked up a spyware a week ago and cannot get rid of it (the spyware consists of endlessly redirecting me to the sites destroytacks.com and alphawipe.com via the Google Search toolbar in IE7). Avast, AVG Anti-spyware and Rogue Remover have not managed to eradicate it completely.

Here is the HijackThis report, thanks for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:02, on 17/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\cmd.exe
C:\Windows\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: NVideoSupport Class - {15C3F151-CC22-4146-8F73-05D0CD987982} - C:\Windows\system32nvideo.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Quick Access Toolbar - {1813785D-9CFB-45A0-9CBC-3E84F7A8471F} - C:\Windows\system32GSearchTB.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [alert.exe] C:\windows\system32\alert.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: China Adoption Progress Report.lnk = C:\Program Files\China Adoption Progress Report\capr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - https://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1223760205553&h=390fec9fc86bae4b3868fb4c5577e5a1/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

4 replies

jlpjlp Posts 52399 Status Security contributor 5 040
 
hi, scan these two files on VirusTotal and paste the reports: https://www.virustotal.com/gui/

C:\Windows\system32nvideo.dll
C:\windows\system32\alert.exe

________________

SmitFraudFix (paste the report)

1/ download:

http://siri.urz.free.fr/Fix/SmitfraudFix.php

2/ double-click smitfraudfix, then select 1 and press Enter to create the report of the infections present.
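As an added example (not code from the thread, from HijackThis or from any of the tools mentioned), the Python script below reads the O2/O3/O4 lines of a HijackThis log like the one posted above and flags the entries a helper such as jlpjlp picks out: the two files he asks to have scanned, plus the toolbar DLL that shares the same malformed "system32..." path. The file-system state it checks against is simulated and is an assumption reconstructed from the thread (the poster could not find alert.exe; ComboFix later lists nvideo.dll and GSearchTB.dll as present).

```python
"""Triage helper for HijackThis O2/O3/O4 entries (added example, not part of the thread)."""
import ntpath
import os
import re
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

# Sections handled here: O2 = browser helper objects, O3 = IE toolbars,
# O4 = autostart entries (Run keys and the Startup folder).
LINE_RE = re.compile(r"^(?P<sec>O[234]) - (?P<rest>.*)$")
COM_RE = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
RUN_RE = re.compile(r"^(?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<target>.*)$")
# First drive-rooted or %VAR%-rooted path ending in an executable extension.
PATH_RE = re.compile(r'(?i)((?:[a-z]:|%[a-z()]+%)\\[^"<>|*?]*?\.(?:exe|dll|com|scr|bat|cmd|pif))')
# "\system32" immediately followed by something other than a path separator.
GLUED_RE = re.compile(r"(?i)\\system32(?=[^\\/])")


@dataclass
class Finding:
    section: str
    name: str
    target: str
    path: Optional[str]
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Tuple[str, str, str]]:
    """Return (section, display name, target) for an O2/O3/O4 line, None otherwise."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, rest = m.group("sec"), m.group("rest")
    if sec in ("O2", "O3"):
        c = COM_RE.match(rest)
        return (sec, c.group("name"), c.group("target")) if c else None
    r = RUN_RE.match(rest)
    return (sec, r.group("name") or r.group("where"), r.group("target")) if r else None


def triage(log_text: str, exists: Callable[[str], bool] = os.path.exists) -> List[Finding]:
    """Flag entries worth a second look. `exists` is injectable so a pasted log can be
    triaged offline, on any OS, instead of against the live file system."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        sec, name, target = parsed
        pm = PATH_RE.search(target)
        path = pm.group(1) if pm else None
        f = Finding(sec, name, target, path)
        if target.strip() == "(no file)":
            f.reasons.append("registered object has no backing file (orphaned BHO/toolbar registration)")
        if path and GLUED_RE.search(path):
            # C:\Windows\system32nvideo.dll is a file in C:\Windows whose name starts
            # with "system32": the path mimics a system directory it is not in.
            f.reasons.append("file name glued to 'system32' without a separator")
        if path and "%" not in path and not exists(path):
            f.reasons.append("file not present on disk")
        if sec == "O4" and path and name.lower() == ntpath.basename(path).lower():
            f.reasons.append("Run value named after its own executable (weak signal)")
        if f.reasons:
            findings.append(f)
    return findings


# Lines copied from the HijackThis log posted in the first message of the thread.
SAMPLE_LOG = r"""
O2 - BHO: NVideoSupport Class - {15C3F151-CC22-4146-8F73-05D0CD987982} - C:\Windows\system32nvideo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Quick Access Toolbar - {1813785D-9CFB-45A0-9CBC-3E84F7A8471F} - C:\Windows\system32GSearchTB.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [alert.exe] C:\windows\system32\alert.exe
O4 - Startup: China Adoption Progress Report.lnk = C:\Program Files\China Adoption Progress Report\capr.exe
"""


def simulated_exists(path: str) -> bool:
    """Assumed on-disk state: everything present except alert.exe (see thread)."""
    return ntpath.basename(path).lower() != "alert.exe"


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, simulated_exists):
        print(f"{finding.section} {finding.name!r} -> {finding.path or finding.target}")
        for reason in finding.reasons:
            print(f"    - {reason}")
```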
nathrv
 
Thanks jlpjlp for your help

Here are the requested reports:

=============================================================
=============================================================
VIRUSTOTAL ANALYSIS OF FILE C:\Windows\system32nvideo.dll

Antivirus Version Last update Result
AhnLab-V3 2008.11.18.2 2008.11.18 -
AntiVir 7.9.0.31 2008.11.18 ADSPY/Bho.ade
Authentium 5.1.0.4 2008.11.18 -
Avast 4.8.1281.0 2008.11.17 -
AVG 8.0.0.199 2008.11.17 -
BitDefender 7.2 2008.11.18 -
CAT-QuickHeal 10.00 2008.11.18 -
ClamAV 0.94.1 2008.11.18 -
DrWeb 4.44.0.09170 2008.11.18 -
eSafe 7.0.17.0 2008.11.17 -
eTrust-Vet 31.6.6210 2008.11.14 -
Ewido 4.0 2008.11.18 -
F-Prot 4.4.4.56 2008.11.17 -
F-Secure 8.0.14332.0 2008.11.18 -
Fortinet 3.117.0.0 2008.11.18 -
GData 19 2008.11.18 -
Ikarus T3.1.1.45.0 2008.11.18 -
K7AntiVirus 7.10.526 2008.11.15 -
Kaspersky 7.0.0.125 2008.11.18 -
McAfee 5437 2008.11.17 -
Microsoft 1.4104 2008.11.17 -
NOD32 3621 2008.11.18 -
Norman 5.80.02 2008.11.17 -
Panda 9.0.0.4 2008.11.17 -
PCTools 4.4.2.0 2008.11.17 -
Prevx1 V2 2008.11.18 -
Rising 21.04.12.00 2008.11.18 -
SecureWeb-Gateway 6.7.6 2008.11.18 Ad-Spyware.Bho.ade
Sophos 4.35.0 2008.11.18 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.18 -
TheHacker 6.3.1.1.157 2008.11.18 -
TrendMicro 8.700.0.1004 2008.11.18 TROJ_ROBOTASK.A
VBA32 3.12.8.9 2008.11.17 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.17 -
Additional information
File size: 196608 bytes
MD5...: 9607e1f3acca571195c60f697268c401
SHA1..: f39ece3262ebea7a82c0dd818d5896594d628337
SHA256: bf056e68eb54d00fd697188ba908f2295ac7e388144d32d717b5fa61cfcee4e3
SHA512: ec724fa9110e9a52b835fcdf19ae59dee0b4c45f5f7cad104a162c5ffecdca740a26e230bd42fb8bd980b9282a36ac3157b6c9216b82abe71b3c935c5e0ca76d
PEiD..: -
TrID..: File type identification
DirectShow filter (52.6%)
Windows OCX File (32.2%)
Win32 Executable MS Visual C++ (generic) (9.8%)
Win32 Executable Generic (2.2%)
Win32 Dynamic Link Library (generic) (1.9%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10014c92
timedatestamp.....: 0x4875c4c1 (Thu Jul 10 08:13:53 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x21e56 0x22000 6.65 bbbd7b59e9391477daa0dc3ddb05f0a6
.rdata 0x23000 0x76f3 0x7800 5.14 75ba034999da2a05bd5df0cd1111ad89
.data 0x2b000 0x3bbc 0x1e00 4.10 803852160154c27778aa2e6d762e2a1d
.rsrc 0x2f000 0x10e0 0x1200 4.77 366fa186433c3675aa409c537b83fe64
.reloc 0x31000 0x3230 0x3400 4.94 3e14cb08e91c4fdf205110fd8816d465

( 8 imports )
> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> WS2_32.dll: WSASend, WSAGetOverlappedResult, WSARecv, WSACreateEvent, WSASetEvent, WSAEventSelect, WSACloseEvent, WSASocketA, WSAEnumNetworkEvents, WSAConnect, WSAResetEvent
> KERNEL32.dll: GetConsoleCP, SetFilePointer, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, SetHandleCount, FindResourceA, SizeofResource, LockResource, LoadResource, FindResourceExA, WideCharToMultiByte, InitializeCriticalSection, HeapAlloc, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetLastError, GetSystemDirectoryA, lstrlenA, HeapFree, LoadLibraryA, GetProcAddress, FreeLibrary, WaitForSingleObject, GetProcessHeap, MultiByteToWideChar, HeapReAlloc, InterlockedDecrement, lstrcmpiA, GetConsoleMode, GetThreadLocale, SetThreadLocale, LoadLibraryExA, GetModuleHandleA, RaiseException, GetModuleFileNameA, lstrlenW, InterlockedIncrement, CloseHandle, CreateFileA, GetWindowsDirectoryA, lstrcmpA, GetFileSize, lstrcpynA, lstrcatA, CreateFileMappingA, MapViewOfFileEx, UnmapViewOfFile, InterlockedExchange, SetLastError, VirtualProtect, FlushInstructionCache, GetCurrentProcess, VirtualQuery, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, LCMapStringW, LCMapStringA, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, FlushFileBuffers, IsDBCSLeadByte, Sleep, GetStringTypeW, GetStringTypeA, GetStdHandle, WriteFile, ExitProcess, HeapCreate, VirtualFree, IsValidCodePage, GetOEMCP, GetCPInfo, RtlUnwind, GetCommandLineA, GetCurrentThreadId, GetSystemInfo, VirtualAlloc, HeapSize, HeapDestroy, GetVersionExA, GetLocaleInfoA, GetACP
> USER32.dll: UnregisterClassA, SendMessageA, LockWindowUpdate, GetClassNameA, GetWindow, EnumChildWindows, CharNextA
> ADVAPI32.dll: RegSetValueExA, RegCreateKeyExA, RegEnumKeyExA, RegOpenKeyExA, RegQueryInfoKeyA, RegCloseKey, RegDeleteKeyA, RegDeleteValueA
> ole32.dll: CoUninitialize, CoCreateInstance, CoTaskMemFree, CoTaskMemAlloc, CoTaskMemRealloc, StringFromGUID2, CoInitialize
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -
> SHLWAPI.dll: UrlUnescapeA, StrRStrIA

( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer

=============================================================
=============================================================
VIRUSTOTAL ANALYSIS OF FILE C:\windows\system32\alert.exe

this file does not exist on my PC

=============================================================
=============================================================
SmitFraudFix REPORT



SmitFraudFix v2.375

Rapport fait à 20:13:35,36, 18/11/2008
Executé à partir de
C:\Users\Nathalie & Hervé\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles




»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\NATHAL~1\AppData\Local\Temp




»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\NATHAL~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte réseau Broadcom 802.11 multibande
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 212.27.40.240

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BA9A7734-E393-46F3-8DA4-BDECDEE3F463}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BA9A7734-E393-46F3-8DA4-BDECDEE3F463}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BA9A7734-E393-46F3-8DA4-BDECDEE3F463}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
jlpjlp Posts 52399 Status Security contributor 5 040
 
download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.

double-click OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste instruction for items to be moved.

:files
C:\Windows\system32nvideo.dll

click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. If so, accept with Yes.

____________________

download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, the antispyware's real-time guard)

double-click combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus, your antispyware's guard

copy/paste the report C:\ComboFix.txt into your next reply.

Careful: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
nathrv
 
OTMoveIt report for the file C:\Windows\system32nvideo.dll

Error: Unable to interpret <C:\Windows\system32nvideo.dll > in the current context!
OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11182008_232158


OTMoveIt report for the file C:\Windows\system32\nvideo.dll

Error: Unable to interpret < C:\Windows\system32\nvideo.dll > in the current context!
OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11182008_232237


======================================================================
======================================================================


ComboFix report:

ComboFix 08-11-18.02 - Nathalie & Hervé 2008-11-18 22:56:59.1 - NTFSx86
Microsoft® Windows Vista™ Professionnel 6.0.6001.1.1252.1.1036.18.300 [GMT 1:00]
Lancé depuis: c:\users\Nathalie & Hervé\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Update.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-18 au 2008-11-18 ))))))))))))))))))))))))))))))))))))
.

2008-11-18 22:48 . 2008-11-18 22:48 <REP> d-------- C:\_OTMoveIt
2008-11-17 20:56 . 2008-11-17 20:57 <REP> d-------- c:\program files\RogueRemover FREE
2008-11-17 20:49 . 2008-11-18 20:13 3,616 --a------ c:\windows\System32\tmp.reg
2008-11-15 15:04 . 2008-11-15 15:04 <REP> d-------- c:\users\Nathalie & Hervé\AppData\Roaming\Grisoft
2008-11-15 15:04 . 2008-11-15 15:04 <REP> d-------- c:\users\All Users\Grisoft
2008-11-15 15:04 . 2008-11-15 15:04 <REP> d-------- c:\programdata\Grisoft
2008-11-15 15:04 . 2007-05-30 13:10 10,872 --a------ c:\windows\System32\drivers\AvgAsCln.sys
2008-11-15 14:51 . 2008-11-15 14:51 <REP> d-------- c:\program files\Trend Micro
2008-11-12 18:56 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 18:53 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 18:47 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-11 21:08 . 2008-11-11 21:11 196,608 --a------ c:\windows\system32nvideo.dll
2008-11-11 21:08 . 2008-11-11 21:11 167,936 --a------ c:\windows\system32GSearchTB.dll
2008-11-11 21:08 . 2008-11-11 21:08 57,344 --a------ c:\windows\System32\MalwareKiller.exe
2008-10-28 23:37 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-28 23:37 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-28 23:37 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-27 21:00 . 2008-10-27 21:00 <REP> d-------- c:\users\All Users\WindowsSearch
2008-10-27 21:00 . 2008-10-27 21:00 <REP> d-------- c:\programdata\WindowsSearch
2008-10-26 12:54 . 2008-11-03 22:53 <REP> d-------- c:\users\Nathalie & Hervé\AppData\Roaming\FileZilla
2008-10-26 12:54 . 2008-10-26 12:54 <REP> d-------- c:\program files\FileZilla FTP Client
2008-10-26 12:45 . 2008-10-26 12:54 <REP> d-------- c:\program files\LeechFTP
2008-10-26 12:45 . 1998-07-08 17:30 18,944 --a------ c:\windows\eraser.exe
2008-10-22 21:31 . 2008-10-22 21:31 <REP> d-------- c:\users\Nathalie & Hervé\AppData\Roaming\LinkedIn
2008-10-19 17:26 . 2008-10-19 17:26 <REP> d-------- c:\users\Nathalie & Hervé\AppData\Roaming\Blackberry Desktop
2008-10-19 10:52 . 2008-10-19 10:52 <REP> d-------- c:\users\Nathalie & Hervé\AppData\Roaming\Research In Motion
2008-10-19 10:03 . 2008-10-19 10:03 <REP> d-------- c:\program files\Common Files\PX Storage Engine
2008-10-19 10:02 . 2008-10-19 10:03 <REP> d-------- c:\program files\Roxio
2008-10-19 10:02 . 2008-10-19 10:02 <REP> d-------- c:\program files\Common Files\Sonic Shared
2008-10-19 09:51 . 2008-10-19 09:51 <REP> d-------- c:\program files\Research In Motion
2008-10-19 09:51 . 2008-10-28 22:37 <REP> d-------- c:\program files\Common Files\Research In Motion
2008-10-18 14:01 . 2008-10-18 14:01 <REP> d-------- c:\users\All Users\Messenger Plus!
2008-10-18 14:01 . 2008-10-18 14:01 <REP> d-------- c:\programdata\Messenger Plus!

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-18 22:02 2,359,296 --sha-w c:\users\Nathalie & Hervé\NTUSER.DAT
2008-11-18 22:02 2,359,296 --sha-w c:\users\Nathalie & Hervé\NTUSER.DAT
2008-11-15 14:04 --------- d-----w c:\users\Nathalie & Hervé\AppData\Roaming\Grisoft
2008-11-12 23:12 --------- d-----w c:\programdata\Microsoft Help
2008-11-11 20:41 --------- d-----w c:\users\Nathalie & Hervé\AppData\Roaming\NewsBin
2008-11-11 20:11 --------- d-----w c:\program files\NewsBin
2008-11-11 20:08 --------- d-----w c:\users\Nathalie & Hervé\AppData\Roaming\LimeWire
2008-11-11 20:08 --------- d-----w c:\program files\LimeWire
2008-11-03 21:53 --------- d-----w c:\users\Nathalie & Hervé\AppData\Roaming\FileZilla
2008-10-22 20:31 --------- d-----w c:\users\Nathalie & Hervé\AppData\Roaming\LinkedIn
2008-10-19 16:26 --------- d-----w c:\users\Nathalie & Hervé\AppData\Roaming\Blackberry Desktop
2008-10-19 09:52 --------- d-----w c:\users\Nathalie & Hervé\AppData\Roaming\Research In Motion
2008-10-19 09:48 --------- d-----w c:\programdata\Logishrd
2008-10-19 09:03 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-10-19 09:02 --------- d-----w c:\programdata\Roxio
2008-10-19 07:31 --------- d-----w c:\program files\Rar Repair Tool
2008-10-17 20:41 --------- d-----w c:\users\Nathalie & Hervé\AppData\Roaming\Leadertech
2008-10-17 20:41 --------- d-----w c:\program files\Common Files\Logishrd
2008-10-17 20:40 --------- d-----w c:\program files\Logitech
2008-10-17 20:40 --------- d-----w c:\program files\Common Files\Logitech
2008-10-17 20:20 --------- d-----w c:\program files\Messenger Plus! Live
2008-10-17 04:47 --------- d-----w c:\program files\Windows Mail
2008-10-11 21:28 --------- d-----w c:\program files\Java
2008-10-11 21:24 --------- d-----w c:\program files\Common Files\Java
2008-10-06 19:15 --------- d-----w c:\program files\XPC Tools
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-28 19:34 --------- d-s---w c:\users\Nathalie & Hervé\AppData\Roaming\Microsoft
2008-09-28 18:09 --------- d-----w c:\users\Nathalie & Hervé\AppData\Roaming\Roxio
2008-09-28 18:01 --------- d-----w c:\programdata\InstallShield
2008-09-28 18:00 --------- d-----w c:\programdata\Sonic
2008-09-28 17:57 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-27 18:35 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-09-22 21:19 --------- d-----w c:\programdata\Office Genuine Advantage
2008-09-22 18:01 --------- d-----w c:\program files\MSXML 4.0
2008-09-22 18:01 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2008-09-21 21:24 --------- d--h--w c:\program files\CanonBJ
2008-09-21 18:27 --------- d-----w c:\program files\Canon
2008-09-21 17:55 --------- d-----w c:\programdata\Logitech
2008-09-21 08:57 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-09-20 18:19 --------- d-----w c:\program files\QuickPar
2008-09-20 10:48 --------- d-----w c:\program files\China Adoption Progress Report
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-14 17:19 174 --sha-w c:\program files\desktop.ini
2008-09-14 16:50 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-14 16:50 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-09-14 08:39 269,312 ----a-w c:\windows\System32\es.dll
2008-09-13 19:39 61,440 ----a-w c:\windows\System32\winipsec.dll
2008-09-13 19:39 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2008-09-13 19:39 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2008-09-13 19:39 272,896 ----a-w c:\windows\System32\polstore.dll
2008-09-13 19:37 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-09-13 19:37 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-09-13 19:37 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-09-13 19:37 28,160 ----a-w c:\windows\System32\Apphlpdm.dll
2008-09-13 19:37 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-09-13 19:37 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-09-13 19:37 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-09-13 19:37 1,695,744 ----a-w c:\windows\System32\gameux.dll
2008-09-13 19:27 2,048 ----a-w c:\windows\System32\tzres.dll
2008-09-13 19:25 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2008-09-13 19:13 181,760 ----a-w c:\windows\System32\fsquirt.exe
2008-09-13 19:11 988,216 ----a-w c:\windows\System32\winload.exe
2008-09-13 19:11 927,288 ----a-w c:\windows\System32\winresume.exe
2008-09-13 19:11 615,992 ----a-w c:\windows\System32\ci.dll
2008-09-13 19:11 6,656 ----a-w c:\windows\System32\kbd106n.dll
2008-09-13 19:11 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2008-09-13 19:11 40,960 ----a-w c:\windows\System32\srclient.dll
2008-09-13 19:11 378,368 ----a-w c:\windows\System32\srcore.dll
2008-09-13 19:11 318,464 ----a-w c:\windows\System32\rstrui.exe
2008-09-13 19:11 19,000 ----a-w c:\windows\System32\kd1394.dll
2008-09-13 19:11 14,848 ----a-w c:\windows\System32\srdelayed.exe
2008-09-13 19:09 295,936 ----a-w c:\windows\System32\gdi32.dll
2008-09-13 19:06 14,848 ----a-w c:\windows\System32\wshrm.dll
2008-09-13 19:04 84,480 ----a-w c:\windows\System32\INETRES.dll
2008-09-13 19:04 738,304 ----a-w c:\windows\System32\inetcomm.dll
2008-09-13 19:04 1,314,816 ----a-w c:\windows\System32\quartz.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-28 133656]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-08 236016]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]

c:\users\Nathalie & Herv‚\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
China Adoption Progress Report.lnk - c:\program files\China Adoption Progress Report\capr.exe [2008-02-04 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{D4BF2266-06C2-4D99-BF82-B7552736AA59}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{AA65123A-D407-4224-B4E4-637ED25D8D3A}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"{487850AA-F4C0-4CCD-890C-D0E72AA56787}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{FAFC9690-A199-4165-8B60-4B608CBC9018}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B9027560-DFB4-4893-B517-973CB619E485}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{2BDC21AA-ED91-4E98-93B6-C4A21C7B4145}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{49CEBB07-A77F-436C-8901-0E50478B931E}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{DB0731DD-E1F2-45C6-8557-A49190A864D1}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{15A4C545-AA3C-40A8-8476-DFE21841C2B1}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{F0D0F157-9303-4E09-BB17-ECB5D2AB1565}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C272708A-60F4-4DF4-BC4B-0F282F4F4FBE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{77AE6809-69AC-4AC3-B6D0-D3C5823A8749}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{ACECD69F-74FB-4C9B-BC8F-96C3072A6D71}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{F40BFF19-6A39-425E-9FCA-4E4CD5F85ABE}c:\\program files\\leechftp\\leechftp.exe"= UDP:c:\program files\leechftp\leechftp.exe:LeechFTP
"UDP Query User{C16AC4EC-E154-4B97-BE49-1C2E3E8AE4D7}c:\\program files\\leechftp\\leechftp.exe"= TCP:c:\program files\leechftp\leechftp.exe:LeechFTP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-14 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-09-14 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-09-14 51280]
R3 b57nd60x;%SvcDispName%;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-09-14 179712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{681cbe0a-8265-11dd-a85c-001641b1e969}]
\shell\AutoRun\command - E:\SETUP.EXE
\shell\configure\command - E:\SETUP.EXE
\shell\install\command - E:\SETUP.EXE

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-11-18 c:\windows\Tasks\User_Feed_Synchronization-{B53B6D6B-6856-4748-B963-EA76D0199114}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-DriverUpdaterPro - c:\program files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 23:02:01
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-18 23:04:09
ComboFix-quarantined-files.txt 2008-11-18 22:04:02

Avant-CF: 26 920 796 160 octets libres
Après-CF: 27,472,179,200 octets libres

202 --- E O F --- 2008-11-16 02:01:50
jlpjlp Posts 52399 Status Security contributor 5 040
 
What is your E: drive? Redo OTMoveIt, making sure to put :files before the file. Then post a new HijackThis report and describe your current problems.
nathrv
 
Thanks jlpjlp for your help.
My problem is solved: the spyware has been eradicated... ;-)