Problème avec virus aidez moi svp
Résolu
Airdelavie
-
Airdelavie Messages postés 13 Statut Membre -
Airdelavie Messages postés 13 Statut Membre -
Bonjour,
Voilà, depuis une semaine j'essaie de suprimer un virus qui a infecté mon ordi, autant je nettoie sur le mode sans échec et je ne suis pas capable de l'éliminer, quelqu'un pourrait m'aidé SVP!
je crois que c'est ceci qui affecte mon ordi:
O2 - BHO: (no name) - {3c58f64b-ffa8-47fd-9673-4df517638fad} - C:\WINDOWS\system32\fetilari.dll (file missing)
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll (file missing)
O4 - HKLM\..\Run: [jiyalonunu] Rundll32.exe "C:\WINDOWS\system32\wekateme.dll",s
O4 - HKLM\..\Run: [346e5c34] rundll32.exe "C:\WINDOWS\system32\tinuhagu.dll",b
O4 - HKLM\..\Run: [CPM375d6fa8] Rundll32.exe "c:\windows\system32\senifetu.dll",a
O4 - HKUS\S-1-5-19\..\Run: [jiyalonunu] Rundll32.exe "C:\WINDOWS\system32\wekateme.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [jiyalonunu] Rundll32.exe "C:\WINDOWS\system32\wekateme.dll",s (User 'SERVICE RÉSEAU')
O20 - AppInit_DLLs: c:\windows\system32\pebudure.dll C:\WINDOWS\system32\huwokuse.dll c:\windows\system32\senifetu.dll
Voici un compte rendu
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:53:23, on 2008-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3c58f64b-ffa8-47fd-9673-4df517638fad} - C:\WINDOWS\system32\fetilari.dll (file missing)
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UniMessenger] C:\Program Files\UNI2\UNI2.exe
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\%%%.exe
O4 - HKLM\..\Run: [jiyalonunu] Rundll32.exe "C:\WINDOWS\system32\wekateme.dll",s
O4 - HKLM\..\Run: [346e5c34] rundll32.exe "C:\WINDOWS\system32\tinuhagu.dll",b
O4 - HKLM\..\Run: [CPM375d6fa8] Rundll32.exe "c:\windows\system32\senifetu.dll",a
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [jiyalonunu] Rundll32.exe "C:\WINDOWS\system32\wekateme.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [jiyalonunu] Rundll32.exe "C:\WINDOWS\system32\wekateme.dll",s (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.travian.com/fr
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-334fe76f1d584793.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O20 - AppInit_DLLs: c:\windows\system32\pebudure.dll C:\WINDOWS\system32\huwokuse.dll c:\windows\system32\senifetu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Voilà, depuis une semaine j'essaie de suprimer un virus qui a infecté mon ordi, autant je nettoie sur le mode sans échec et je ne suis pas capable de l'éliminer, quelqu'un pourrait m'aidé SVP!
je crois que c'est ceci qui affecte mon ordi:
O2 - BHO: (no name) - {3c58f64b-ffa8-47fd-9673-4df517638fad} - C:\WINDOWS\system32\fetilari.dll (file missing)
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll (file missing)
O4 - HKLM\..\Run: [jiyalonunu] Rundll32.exe "C:\WINDOWS\system32\wekateme.dll",s
O4 - HKLM\..\Run: [346e5c34] rundll32.exe "C:\WINDOWS\system32\tinuhagu.dll",b
O4 - HKLM\..\Run: [CPM375d6fa8] Rundll32.exe "c:\windows\system32\senifetu.dll",a
O4 - HKUS\S-1-5-19\..\Run: [jiyalonunu] Rundll32.exe "C:\WINDOWS\system32\wekateme.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [jiyalonunu] Rundll32.exe "C:\WINDOWS\system32\wekateme.dll",s (User 'SERVICE RÉSEAU')
O20 - AppInit_DLLs: c:\windows\system32\pebudure.dll C:\WINDOWS\system32\huwokuse.dll c:\windows\system32\senifetu.dll
Voici un compte rendu
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:53:23, on 2008-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3c58f64b-ffa8-47fd-9673-4df517638fad} - C:\WINDOWS\system32\fetilari.dll (file missing)
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UniMessenger] C:\Program Files\UNI2\UNI2.exe
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\%%%.exe
O4 - HKLM\..\Run: [jiyalonunu] Rundll32.exe "C:\WINDOWS\system32\wekateme.dll",s
O4 - HKLM\..\Run: [346e5c34] rundll32.exe "C:\WINDOWS\system32\tinuhagu.dll",b
O4 - HKLM\..\Run: [CPM375d6fa8] Rundll32.exe "c:\windows\system32\senifetu.dll",a
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [jiyalonunu] Rundll32.exe "C:\WINDOWS\system32\wekateme.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [jiyalonunu] Rundll32.exe "C:\WINDOWS\system32\wekateme.dll",s (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.travian.com/fr
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-334fe76f1d584793.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O20 - AppInit_DLLs: c:\windows\system32\pebudure.dll C:\WINDOWS\system32\huwokuse.dll c:\windows\system32\senifetu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
A voir également:
- Problème avec virus aidez moi svp
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
36 réponses
bonjour,
Télécharge SDfix (créé par AndyManchesta) et sauvegarde le sur ton Bureau. Tu peux suivre le tutorial SDFix de Malekal pour t'aider :
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
Redémarre ton ordinateur
Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
Choisis ton compte.
Déroule la liste des instructions ci-dessous :
Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !
Si SDFix ne se lance pas
Clique sur Démarrer > Exécuter
Copie/colle ceci :
%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe
Clique sur Ok.
Redémarre et essaie de relance SDFix.
ensuite
Télécharge Toolbar-S&D (Eric_71, Angeldark, Sham_Rock et XmichouX) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
Tutorial Toolbar S&D
* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis valide avec la touche "Entrée".
* Choisis l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
Télécharge SDfix (créé par AndyManchesta) et sauvegarde le sur ton Bureau. Tu peux suivre le tutorial SDFix de Malekal pour t'aider :
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
Redémarre ton ordinateur
Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
Choisis ton compte.
Déroule la liste des instructions ci-dessous :
Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !
Si SDFix ne se lance pas
Clique sur Démarrer > Exécuter
Copie/colle ceci :
%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe
Clique sur Ok.
Redémarre et essaie de relance SDFix.
ensuite
Télécharge Toolbar-S&D (Eric_71, Angeldark, Sham_Rock et XmichouX) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
Tutorial Toolbar S&D
* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis valide avec la touche "Entrée".
* Choisis l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
re,
je dois partir,mais je me jette sur les rapports en rentrant fin d'aprèm...
donc sois patiente
a tout
@+
je dois partir,mais je me jette sur les rapports en rentrant fin d'aprèm...
donc sois patiente
a tout
@+
Ok je reviendrais plus tard,
J'oubliais qu'il y a toujours au redemarage 3 fenêtres d'erreurs disant :
erreur de chargement de wekateme.dll
,, ,, de tinuhagu.dll
,, ,, de senifetu.dll
Voici le rapport de SDFix :
[b]SDFix: Version 1.240 [/b]
Run by Marco on 2008-12-10 at 08:26
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\Marco\Local Settings\Temp\696.tmp.exe - Deleted
C:\WINDOWS\system32\~.exe - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
creating catchme.sys error: Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
driver loading error catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 08:35:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
? [1624]
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:65,52,03,ee,a9,c3,17,e9,bd,e6,50,fb,eb,69,8c,05,89,e7,a9,24,7d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,dd,95,a0,b4,ba,11,50,e4,e5,3a,13,e5,cb,a4,7a,f4,23,..
"khjeh"=hex:d6,b9,64,eb,9e,ea,84,57,24,0c,a9,d1,55,66,d1,d4,33,47,35,be,56,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:be,64,c4,03,10,3f,55,7e,4d,f8,25,58,cf,1f,30,8f,2e,e3,3b,66,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:65,52,03,ee,a9,c3,17,e9,bd,e6,50,fb,eb,69,8c,05,89,e7,a9,24,7d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,dd,95,a0,b4,ba,11,50,e4,e5,3a,13,e5,cb,a4,7a,f4,23,..
"khjeh"=hex:d6,b9,64,eb,9e,ea,84,57,24,0c,a9,d1,55,66,d1,d4,33,47,35,be,56,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:be,64,c4,03,10,3f,55,7e,4d,f8,25,58,cf,1f,30,8f,2e,e3,3b,66,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:65,52,03,ee,a9,c3,17,e9,bd,e6,50,fb,eb,69,8c,05,89,e7,a9,24,7d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,dd,95,a0,b4,ba,11,50,e4,e5,3a,13,e5,cb,a4,7a,f4,23,..
"khjeh"=hex:d6,b9,64,eb,9e,ea,84,57,24,0c,a9,d1,55,66,d1,d4,33,47,35,be,56,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:be,64,c4,03,10,3f,55,7e,4d,f8,25,58,cf,1f,30,8f,2e,e3,3b,66,a6,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\WINDOWS\\system32\\%%%.exe"="C:\\WINDOWS\\system32\\%%%.exe:*:Enabled:Flash Media"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Explorer"
"C:\\WINDOWS\\system32\\logonui.exe"="C:\\WINDOWS\\system32\\logonui.exe:*:Enabled:logonui"
"C:\\WINDOWS\\system32\\winlogon.exe"="C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:winlogon"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\1016aac2.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\11ffbd10.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\18c5dc15.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\19a6ac6.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\1a304ca8.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\1aa349d0.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\1b214c0.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\1b66079a.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\242d4812.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\2448ca14.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\25b8e8bf.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\2697ef34.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\28cc0ce3.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\2a6e8026.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\2acfc0.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\2bcb92dc.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\2cf2d10.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\2df831d0.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\2e661887.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\560d495.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\6f9069f.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\7c96b44.dll"
Tue 25 Mar 2008 56 ..SHR --- "C:\WINDOWS\system32\8536CB2307.sys"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\c408792.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\c94d7a2.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\e00afe7.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\e5a97a.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\ed4aa32.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\efe9e40.dll"
Sun 7 Sep 2008 64,053 A.SH. --- "C:\WINDOWS\system32\fatuzabe.dll.tmp"
Tue 25 Mar 2008 3,766 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Thu 4 Sep 2008 64,000 A.SH. --- "C:\WINDOWS\system32\mowilufe.dll.tmp"
Thu 4 Sep 2008 64,000 A.SH. --- "C:\WINDOWS\system32\nozubube.dll.tmp"
Thu 4 Sep 2008 64,000 A.SH. --- "C:\WINDOWS\system32\sadovujo.dll.tmp"
Sun 7 Sep 2008 64,053 A.SH. --- "C:\WINDOWS\system32\tupurevo.dll.tmp"
Sun 7 Sep 2008 64,053 A.SH. --- "C:\WINDOWS\system32\wosesara.dll.tmp"
Sat 10 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 14 Aug 2002 65,088 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c556 Packet\3C556.COM"
Wed 14 Aug 2002 12,732 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM"
Wed 14 Aug 2002 26,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM"
Wed 14 Aug 2002 28,062 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM"
Wed 14 Aug 2002 10,710 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM"
Wed 14 Aug 2002 10,083 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM"
Wed 14 Aug 2002 10,257 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM"
Wed 14 Aug 2002 29,499 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM"
Wed 14 Aug 2002 12,660 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM"
Wed 14 Aug 2002 11,031 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM"
Wed 14 Aug 2002 17,952 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM"
Wed 14 Aug 2002 9,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM"
Wed 14 Aug 2002 13,673 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM"
Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN166X Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM"
Wed 14 Aug 2002 7,243 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM"
Wed 14 Aug 2002 24,767 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM"
Wed 14 Aug 2002 7,463 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM"
Wed 14 Aug 2002 10,286 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM"
Wed 14 Aug 2002 25,460 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM"
Wed 14 Aug 2002 28,866 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM"
Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM"
Wed 14 Aug 2002 8,544 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys"
Wed 14 Aug 2002 33,149 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys"
Wed 14 Aug 2002 47,826 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI1394.SYS"
Wed 14 Aug 2002 35,340 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI2DOS.SYS"
Wed 14 Aug 2002 14,378 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI4DOS.SYS"
Wed 14 Aug 2002 37,984 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8DOS.SYS"
Wed 14 Aug 2002 44,828 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8U2.SYS"
Wed 14 Aug 2002 29,628 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPICD.SYS"
Wed 14 Aug 2002 49,750 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIEHCI.SYS"
Wed 14 Aug 2002 49,242 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIOHCI.SYS"
Wed 14 Aug 2002 50,606 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIUHCI.SYS"
Wed 14 Aug 2002 161,792 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BOOTSRV.SYS"
Wed 14 Aug 2002 174,080 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\bootsrv16.sys"
Wed 14 Aug 2002 21,971 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTCDROM.SYS"
Wed 14 Aug 2002 30,955 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTDOSM.SYS"
Wed 14 Aug 2002 202,517 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE"
Wed 14 Aug 2002 374,038 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE"
Wed 14 Aug 2002 22,158 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\COUNTRY.SYS"
Wed 14 Aug 2002 1,608 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DEVICE.COM"
Wed 14 Aug 2002 15,345 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DISPLAY.SYS"
Wed 14 Aug 2002 7,840 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DLSHELP.SYS"
Wed 14 Aug 2002 56,821 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE"
Wed 14 Aug 2002 64,425 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\FLASHPT.SYS"
Wed 14 Aug 2002 32,396 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE"
Wed 14 Aug 2002 14,160 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\HIMEM.SYS"
Wed 14 Aug 2002 10,898 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYB.COM"
Wed 14 Aug 2002 53,556 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYBOARD.SYS"
Wed 14 Aug 2002 15,777 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MODE.COM"
Wed 14 Aug 2002 37,681 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MOUSE.COM"
Wed 14 Aug 2002 354,304 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\msbootsrv16.sys"
Wed 14 Aug 2002 21,180 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE"
Wed 14 Aug 2002 354,263 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe"
Wed 14 Aug 2002 8,513 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\NETBIND.COM"
Wed 14 Aug 2002 41,302 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OAKCDROM.SYS"
Wed 14 Aug 2002 129,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE"
Wed 14 Aug 2002 28,439 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Paralink.com"
Wed 14 Aug 2002 13,770 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE"
Wed 14 Aug 2002 130,980 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE"
Wed 14 Aug 2002 11,854 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM"
Wed 14 Aug 2002 52,715 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM"
Wed 14 Aug 2002 62,391 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM"
Wed 14 Aug 2002 11,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com"
Wed 14 Aug 2002 17,791 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com"
Wed 14 Aug 2002 17,043 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com"
Wed 14 Aug 2002 11,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com"
Wed 14 Aug 2002 18,300 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com"
Wed 14 Aug 2002 48,224 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com"
Wed 14 Aug 2002 13,360 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com"
Wed 14 Aug 2002 9,190 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com"
Wed 14 Aug 2002 12,567 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com"
Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM"
Wed 14 Aug 2002 56,896 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com"
Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com"
Wed 14 Aug 2002 9,692 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com"
Wed 14 Aug 2002 9,537 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM"
Wed 14 Aug 2002 32,484 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com"
Wed 14 Aug 2002 52,225 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe"
Wed 14 Aug 2002 48,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe"
Wed 14 Aug 2002 50,405 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com"
Wed 14 Aug 2002 33,860 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe"
Wed 14 Aug 2002 50,175 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe"
Wed 14 Aug 2002 50,795 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe"
Wed 14 Aug 2002 48,223 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com"
Wed 14 Aug 2002 48,641 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe"
Wed 14 Aug 2002 49,015 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com"
Wed 14 Aug 2002 53,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\command.com"
Wed 14 Aug 2002 44,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM"
Wed 14 Aug 2002 42,550 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM"
[b]Finished![/b]
et celui Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:40:34, on 2008-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers
communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec\Norton Ghost
2003\GhostStartService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini:
UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32
\%%%.exe
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3c58f64b-ffa8-47fd-9673-4df517638fad}
- C:\WINDOWS\system32\fetilari.dll (file missing)
O2 - BHO: SSVHelper Class -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion
Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} -
C:\Program Files\Fichiers communs\Microsoft Shared\Windows
Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper -
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar -
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in -
{D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program
Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UniMessenger] C:\Program
Files\UNI2\UNI2.exe
O4 - HKLM\..\Run: [jiyalonunu] Rundll32.exe
"C:\WINDOWS\system32\wekateme.dll",s
O4 - HKLM\..\Run: [346e5c34] rundll32.exe
"C:\WINDOWS\system32\tinuhagu.dll",b
O4 - HKLM\..\Run: [CPM375d6fa8] Rundll32.exe
"c:\windows\system32\senifetu.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program
Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [jiyalonunu] Rundll32.exe
"C:\WINDOWS\system32\wekateme.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [jiyalonunu] Rundll32.exe
"C:\WINDOWS\system32\wekateme.dll",s (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search -
res://C:\Program Files\Windows Live
Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel
- res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.travian.com/fr
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System
Requirements Lab) -
https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysr
eqlab2.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows
Live Photo Upload Control) -
http://cid-334fe76f1d584793.spaces.live.com/PhotoUpload/MsnPU
pld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.c
ab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave
Flash Object) -
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/sw
flash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2}
(FlashXControl Object) -
https://signin3.valueactive.com/Register/Branding/olr3313/OCX
/v1018/flashax.cab
O20 - AppInit_DLLs: c:\windows\system32\pebudure.dll
C:\WINDOWS\system32\huwokuse.dll
c:\windows\system32\senifetu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program
Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Creative Service for CDROM Access - Creative
Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GhostStartService - Symantec Corporation -
C:\Program Files\Symantec\Norton Ghost
2003\GhostStartService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. -
C:\Program Files\Fichiers
communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program
Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC
Tools Research Pty Ltd - C:\Program Files\PC Tools
AntiVirus\PCTAVSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone
Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
J'oubliais qu'il y a toujours au redemarage 3 fenêtres d'erreurs disant :
erreur de chargement de wekateme.dll
,, ,, de tinuhagu.dll
,, ,, de senifetu.dll
Voici le rapport de SDFix :
[b]SDFix: Version 1.240 [/b]
Run by Marco on 2008-12-10 at 08:26
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\Marco\Local Settings\Temp\696.tmp.exe - Deleted
C:\WINDOWS\system32\~.exe - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
creating catchme.sys error: Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
driver loading error catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 08:35:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
? [1624]
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:65,52,03,ee,a9,c3,17,e9,bd,e6,50,fb,eb,69,8c,05,89,e7,a9,24,7d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,dd,95,a0,b4,ba,11,50,e4,e5,3a,13,e5,cb,a4,7a,f4,23,..
"khjeh"=hex:d6,b9,64,eb,9e,ea,84,57,24,0c,a9,d1,55,66,d1,d4,33,47,35,be,56,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:be,64,c4,03,10,3f,55,7e,4d,f8,25,58,cf,1f,30,8f,2e,e3,3b,66,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:65,52,03,ee,a9,c3,17,e9,bd,e6,50,fb,eb,69,8c,05,89,e7,a9,24,7d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,dd,95,a0,b4,ba,11,50,e4,e5,3a,13,e5,cb,a4,7a,f4,23,..
"khjeh"=hex:d6,b9,64,eb,9e,ea,84,57,24,0c,a9,d1,55,66,d1,d4,33,47,35,be,56,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:be,64,c4,03,10,3f,55,7e,4d,f8,25,58,cf,1f,30,8f,2e,e3,3b,66,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:65,52,03,ee,a9,c3,17,e9,bd,e6,50,fb,eb,69,8c,05,89,e7,a9,24,7d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,dd,95,a0,b4,ba,11,50,e4,e5,3a,13,e5,cb,a4,7a,f4,23,..
"khjeh"=hex:d6,b9,64,eb,9e,ea,84,57,24,0c,a9,d1,55,66,d1,d4,33,47,35,be,56,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:be,64,c4,03,10,3f,55,7e,4d,f8,25,58,cf,1f,30,8f,2e,e3,3b,66,a6,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\WINDOWS\\system32\\%%%.exe"="C:\\WINDOWS\\system32\\%%%.exe:*:Enabled:Flash Media"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Explorer"
"C:\\WINDOWS\\system32\\logonui.exe"="C:\\WINDOWS\\system32\\logonui.exe:*:Enabled:logonui"
"C:\\WINDOWS\\system32\\winlogon.exe"="C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:winlogon"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\1016aac2.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\11ffbd10.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\18c5dc15.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\19a6ac6.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\1a304ca8.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\1aa349d0.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\1b214c0.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\1b66079a.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\242d4812.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\2448ca14.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\25b8e8bf.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\2697ef34.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\28cc0ce3.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\2a6e8026.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\2acfc0.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\2bcb92dc.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\2cf2d10.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\2df831d0.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\2e661887.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\560d495.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\6f9069f.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\7c96b44.dll"
Tue 25 Mar 2008 56 ..SHR --- "C:\WINDOWS\system32\8536CB2307.sys"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\c408792.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\c94d7a2.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\e00afe7.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\e5a97a.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\ed4aa32.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\efe9e40.dll"
Sun 7 Sep 2008 64,053 A.SH. --- "C:\WINDOWS\system32\fatuzabe.dll.tmp"
Tue 25 Mar 2008 3,766 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Thu 4 Sep 2008 64,000 A.SH. --- "C:\WINDOWS\system32\mowilufe.dll.tmp"
Thu 4 Sep 2008 64,000 A.SH. --- "C:\WINDOWS\system32\nozubube.dll.tmp"
Thu 4 Sep 2008 64,000 A.SH. --- "C:\WINDOWS\system32\sadovujo.dll.tmp"
Sun 7 Sep 2008 64,053 A.SH. --- "C:\WINDOWS\system32\tupurevo.dll.tmp"
Sun 7 Sep 2008 64,053 A.SH. --- "C:\WINDOWS\system32\wosesara.dll.tmp"
Sat 10 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 14 Aug 2002 65,088 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c556 Packet\3C556.COM"
Wed 14 Aug 2002 12,732 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM"
Wed 14 Aug 2002 26,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM"
Wed 14 Aug 2002 28,062 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM"
Wed 14 Aug 2002 10,710 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM"
Wed 14 Aug 2002 10,083 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM"
Wed 14 Aug 2002 10,257 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM"
Wed 14 Aug 2002 29,499 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM"
Wed 14 Aug 2002 12,660 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM"
Wed 14 Aug 2002 11,031 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM"
Wed 14 Aug 2002 17,952 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM"
Wed 14 Aug 2002 9,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM"
Wed 14 Aug 2002 13,673 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM"
Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN166X Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM"
Wed 14 Aug 2002 7,243 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM"
Wed 14 Aug 2002 24,767 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM"
Wed 14 Aug 2002 7,463 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM"
Wed 14 Aug 2002 10,286 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM"
Wed 14 Aug 2002 25,460 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM"
Wed 14 Aug 2002 28,866 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM"
Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM"
Wed 14 Aug 2002 8,544 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys"
Wed 14 Aug 2002 33,149 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys"
Wed 14 Aug 2002 47,826 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI1394.SYS"
Wed 14 Aug 2002 35,340 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI2DOS.SYS"
Wed 14 Aug 2002 14,378 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI4DOS.SYS"
Wed 14 Aug 2002 37,984 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8DOS.SYS"
Wed 14 Aug 2002 44,828 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8U2.SYS"
Wed 14 Aug 2002 29,628 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPICD.SYS"
Wed 14 Aug 2002 49,750 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIEHCI.SYS"
Wed 14 Aug 2002 49,242 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIOHCI.SYS"
Wed 14 Aug 2002 50,606 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIUHCI.SYS"
Wed 14 Aug 2002 161,792 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BOOTSRV.SYS"
Wed 14 Aug 2002 174,080 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\bootsrv16.sys"
Wed 14 Aug 2002 21,971 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTCDROM.SYS"
Wed 14 Aug 2002 30,955 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTDOSM.SYS"
Wed 14 Aug 2002 202,517 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE"
Wed 14 Aug 2002 374,038 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE"
Wed 14 Aug 2002 22,158 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\COUNTRY.SYS"
Wed 14 Aug 2002 1,608 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DEVICE.COM"
Wed 14 Aug 2002 15,345 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DISPLAY.SYS"
Wed 14 Aug 2002 7,840 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DLSHELP.SYS"
Wed 14 Aug 2002 56,821 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE"
Wed 14 Aug 2002 64,425 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\FLASHPT.SYS"
Wed 14 Aug 2002 32,396 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE"
Wed 14 Aug 2002 14,160 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\HIMEM.SYS"
Wed 14 Aug 2002 10,898 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYB.COM"
Wed 14 Aug 2002 53,556 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYBOARD.SYS"
Wed 14 Aug 2002 15,777 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MODE.COM"
Wed 14 Aug 2002 37,681 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MOUSE.COM"
Wed 14 Aug 2002 354,304 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\msbootsrv16.sys"
Wed 14 Aug 2002 21,180 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE"
Wed 14 Aug 2002 354,263 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe"
Wed 14 Aug 2002 8,513 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\NETBIND.COM"
Wed 14 Aug 2002 41,302 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OAKCDROM.SYS"
Wed 14 Aug 2002 129,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE"
Wed 14 Aug 2002 28,439 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Paralink.com"
Wed 14 Aug 2002 13,770 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE"
Wed 14 Aug 2002 130,980 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE"
Wed 14 Aug 2002 11,854 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM"
Wed 14 Aug 2002 52,715 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM"
Wed 14 Aug 2002 62,391 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM"
Wed 14 Aug 2002 11,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com"
Wed 14 Aug 2002 17,791 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com"
Wed 14 Aug 2002 17,043 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com"
Wed 14 Aug 2002 11,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com"
Wed 14 Aug 2002 18,300 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com"
Wed 14 Aug 2002 48,224 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com"
Wed 14 Aug 2002 13,360 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com"
Wed 14 Aug 2002 9,190 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com"
Wed 14 Aug 2002 12,567 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com"
Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM"
Wed 14 Aug 2002 56,896 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com"
Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com"
Wed 14 Aug 2002 9,692 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com"
Wed 14 Aug 2002 9,537 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM"
Wed 14 Aug 2002 32,484 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com"
Wed 14 Aug 2002 52,225 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe"
Wed 14 Aug 2002 48,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe"
Wed 14 Aug 2002 50,405 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com"
Wed 14 Aug 2002 33,860 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe"
Wed 14 Aug 2002 50,175 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe"
Wed 14 Aug 2002 50,795 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe"
Wed 14 Aug 2002 48,223 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com"
Wed 14 Aug 2002 48,641 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe"
Wed 14 Aug 2002 49,015 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com"
Wed 14 Aug 2002 53,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\command.com"
Wed 14 Aug 2002 44,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM"
Wed 14 Aug 2002 42,550 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM"
[b]Finished![/b]
et celui Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:40:34, on 2008-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers
communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec\Norton Ghost
2003\GhostStartService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini:
UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32
\%%%.exe
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3c58f64b-ffa8-47fd-9673-4df517638fad}
- C:\WINDOWS\system32\fetilari.dll (file missing)
O2 - BHO: SSVHelper Class -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion
Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} -
C:\Program Files\Fichiers communs\Microsoft Shared\Windows
Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper -
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar -
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in -
{D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program
Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UniMessenger] C:\Program
Files\UNI2\UNI2.exe
O4 - HKLM\..\Run: [jiyalonunu] Rundll32.exe
"C:\WINDOWS\system32\wekateme.dll",s
O4 - HKLM\..\Run: [346e5c34] rundll32.exe
"C:\WINDOWS\system32\tinuhagu.dll",b
O4 - HKLM\..\Run: [CPM375d6fa8] Rundll32.exe
"c:\windows\system32\senifetu.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program
Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [jiyalonunu] Rundll32.exe
"C:\WINDOWS\system32\wekateme.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [jiyalonunu] Rundll32.exe
"C:\WINDOWS\system32\wekateme.dll",s (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search -
res://C:\Program Files\Windows Live
Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel
- res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.travian.com/fr
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System
Requirements Lab) -
https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysr
eqlab2.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows
Live Photo Upload Control) -
http://cid-334fe76f1d584793.spaces.live.com/PhotoUpload/MsnPU
pld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.c
ab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave
Flash Object) -
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/sw
flash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2}
(FlashXControl Object) -
https://signin3.valueactive.com/Register/Branding/olr3313/OCX
/v1018/flashax.cab
O20 - AppInit_DLLs: c:\windows\system32\pebudure.dll
C:\WINDOWS\system32\huwokuse.dll
c:\windows\system32\senifetu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program
Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Creative Service for CDROM Access - Creative
Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GhostStartService - Symantec Corporation -
C:\Program Files\Symantec\Norton Ghost
2003\GhostStartService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. -
C:\Program Files\Fichiers
communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program
Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC
Tools Research Pty Ltd - C:\Program Files\PC Tools
AntiVirus\PCTAVSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone
Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
re,
déso d'être si tard...
Télécharge MSNFix.zip (de !aur3n7) sur ton bureau: http://sosvirus.changelog.fr/MSNFix.zip le tuto pour t'aider
https://www.malekal.com/supprimer-virus-desinfecter-pc/ de malekal_morte
ou
http://sosvirus.changelog.fr/
Décompresse-le (clique droit >> Extraire ici) et double-clique sur le fichier MSNFix.bat.
- Exécute l'option R.
-- Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage
Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
- Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt
déso d'être si tard...
Télécharge MSNFix.zip (de !aur3n7) sur ton bureau: http://sosvirus.changelog.fr/MSNFix.zip le tuto pour t'aider
https://www.malekal.com/supprimer-virus-desinfecter-pc/ de malekal_morte
ou
http://sosvirus.changelog.fr/
Décompresse-le (clique droit >> Extraire ici) et double-clique sur le fichier MSNFix.bat.
- Exécute l'option R.
-- Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage
Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
- Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt
OUPSS pas vu cette étape désoler voici le rapport de ToolBar :
-----------\\ ToolBar S&D 1.2.6 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.40GHz )
BIOS : Version 1.00
USER : Marco ( Administrator )
BOOT : Normal boot
Antivirus : PC Tools AntiVirus 4.0.0.26 4.0.0.26 (Activated)
Firewall : ZoneAlarm Firewall 7.0.462.000 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:48 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
Option : [1] ( 2008-12-10|18:28 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\Hotbar
C:\Program Files\Hotbar\bin
C:\Program Files\Hotbar\bin\10.2.217.0
-----------\\ Extensions
(Marco) - {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} => imacros
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.ca/?gws_rd=ssl"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Marco\Bureau\Nouveau dossier\windows xp\Windows XP Professional Keygen by CaFo.exe
C:\DOCUME~1\Marco\Bureau\Picture Textures\STONE\CRACKS1L.TIF
C:\DOCUME~1\Marco\Bureau\Picture Textures\STONE\CRACKS2L.TIF
C:\DOCUME~1\Marco\Favoris\torrent\BioShock CRACK WORK ONLY PLUS MINI IMAGE PLUS INFO torrent download.url
C:\DOCUME~1\Marco\Local Settings\Application Data\Microsoft\Messenger\airdelavie@msn.com\Sharing Folders\narayama222@hotmail.com\WinRAR 3.00 FINAL - Incl. Keygen
C:\DOCUME~1\Marco\Local Settings\Application Data\Microsoft\Messenger\airdelavie@msn.com\Sharing Folders\narayama222@hotmail.com\WinRAR 3.00 FINAL - Incl. Keygen\wrar300.exe
C:\DOCUME~1\Marco\Mes documents\download1\WinRAR 3.00 FINAL - Incl. Keygen
C:\DOCUME~1\Marco\Mes documents\download1\WinRAR 3.00 FINAL - Incl. Keygen.rar
C:\DOCUME~1\Marco\Mes documents\download1\WinRAR 3.00 FINAL - Incl. Keygen\wrar300.exe
C:\DOCUME~1\Marco\Mes documents\loulou\Crack
C:\DOCUME~1\Marco\Mes documents\loulou\Crack\Photoshop.exe
1 - "C:\ToolBar SD\TB_1.txt" - 2008-12-10|18:30 - Option : [1]
-----------\\ Fin du rapport a 18:30:45,24
Ensuite celui di MSNFIX :
[C:\WINDOWS\system32\winchat.exe] 2A99260794224489F29B628717B7947E
[C:\WINDOWS\system32\WinFXDocObj.exe] A251B726EED494F2FD9E5C6B1205BDB0
[C:\WINDOWS\system32\winhlp32.exe] 577624F19D0441C9111F2AF26C81E04D
[C:\WINDOWS\system32\winlogon.exe] 123EEA158F74D0F67A51DCDF065D1091
[C:\WINDOWS\system32\winmine.exe] EA682C022F7204CC8E8C9EF5DCE29356
[C:\WINDOWS\system32\winmsd.exe] 7EBF8A4B608AFB79C67F4E4A9C5885BB
[C:\WINDOWS\system32\winspool.exe] 0B4B94B78123E8035B84105BC024F9F8
[C:\WINDOWS\system32\winver.exe] 9CD9DB5CCEE972A162C31239F16E0925
et l' Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:39, on 2008-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3c58f64b-ffa8-47fd-9673-4df517638fad} - C:\WINDOWS\system32\fetilari.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UniMessenger] C:\Program Files\UNI2\UNI2.exe
O4 - HKLM\..\Run: [jiyalonunu] Rundll32.exe "C:\WINDOWS\system32\wekateme.dll",s
O4 - HKLM\..\Run: [346e5c34] rundll32.exe "C:\WINDOWS\system32\tinuhagu.dll",b
O4 - HKLM\..\Run: [CPM375d6fa8] Rundll32.exe "c:\windows\system32\senifetu.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [jiyalonunu] Rundll32.exe "C:\WINDOWS\system32\wekateme.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [jiyalonunu] Rundll32.exe "C:\WINDOWS\system32\wekateme.dll",s (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.travian.com/fr
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-334fe76f1d584793.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O20 - AppInit_DLLs: c:\windows\system32\pebudure.dll C:\WINDOWS\system32\huwokuse.dll c:\windows\system32\senifetu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-----------\\ ToolBar S&D 1.2.6 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.40GHz )
BIOS : Version 1.00
USER : Marco ( Administrator )
BOOT : Normal boot
Antivirus : PC Tools AntiVirus 4.0.0.26 4.0.0.26 (Activated)
Firewall : ZoneAlarm Firewall 7.0.462.000 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:48 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
Option : [1] ( 2008-12-10|18:28 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\Hotbar
C:\Program Files\Hotbar\bin
C:\Program Files\Hotbar\bin\10.2.217.0
-----------\\ Extensions
(Marco) - {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} => imacros
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.ca/?gws_rd=ssl"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Marco\Bureau\Nouveau dossier\windows xp\Windows XP Professional Keygen by CaFo.exe
C:\DOCUME~1\Marco\Bureau\Picture Textures\STONE\CRACKS1L.TIF
C:\DOCUME~1\Marco\Bureau\Picture Textures\STONE\CRACKS2L.TIF
C:\DOCUME~1\Marco\Favoris\torrent\BioShock CRACK WORK ONLY PLUS MINI IMAGE PLUS INFO torrent download.url
C:\DOCUME~1\Marco\Local Settings\Application Data\Microsoft\Messenger\airdelavie@msn.com\Sharing Folders\narayama222@hotmail.com\WinRAR 3.00 FINAL - Incl. Keygen
C:\DOCUME~1\Marco\Local Settings\Application Data\Microsoft\Messenger\airdelavie@msn.com\Sharing Folders\narayama222@hotmail.com\WinRAR 3.00 FINAL - Incl. Keygen\wrar300.exe
C:\DOCUME~1\Marco\Mes documents\download1\WinRAR 3.00 FINAL - Incl. Keygen
C:\DOCUME~1\Marco\Mes documents\download1\WinRAR 3.00 FINAL - Incl. Keygen.rar
C:\DOCUME~1\Marco\Mes documents\download1\WinRAR 3.00 FINAL - Incl. Keygen\wrar300.exe
C:\DOCUME~1\Marco\Mes documents\loulou\Crack
C:\DOCUME~1\Marco\Mes documents\loulou\Crack\Photoshop.exe
1 - "C:\ToolBar SD\TB_1.txt" - 2008-12-10|18:30 - Option : [1]
-----------\\ Fin du rapport a 18:30:45,24
Ensuite celui di MSNFIX :
[C:\WINDOWS\system32\winchat.exe] 2A99260794224489F29B628717B7947E
[C:\WINDOWS\system32\WinFXDocObj.exe] A251B726EED494F2FD9E5C6B1205BDB0
[C:\WINDOWS\system32\winhlp32.exe] 577624F19D0441C9111F2AF26C81E04D
[C:\WINDOWS\system32\winlogon.exe] 123EEA158F74D0F67A51DCDF065D1091
[C:\WINDOWS\system32\winmine.exe] EA682C022F7204CC8E8C9EF5DCE29356
[C:\WINDOWS\system32\winmsd.exe] 7EBF8A4B608AFB79C67F4E4A9C5885BB
[C:\WINDOWS\system32\winspool.exe] 0B4B94B78123E8035B84105BC024F9F8
[C:\WINDOWS\system32\winver.exe] 9CD9DB5CCEE972A162C31239F16E0925
et l' Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:39, on 2008-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3c58f64b-ffa8-47fd-9673-4df517638fad} - C:\WINDOWS\system32\fetilari.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UniMessenger] C:\Program Files\UNI2\UNI2.exe
O4 - HKLM\..\Run: [jiyalonunu] Rundll32.exe "C:\WINDOWS\system32\wekateme.dll",s
O4 - HKLM\..\Run: [346e5c34] rundll32.exe "C:\WINDOWS\system32\tinuhagu.dll",b
O4 - HKLM\..\Run: [CPM375d6fa8] Rundll32.exe "c:\windows\system32\senifetu.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [jiyalonunu] Rundll32.exe "C:\WINDOWS\system32\wekateme.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [jiyalonunu] Rundll32.exe "C:\WINDOWS\system32\wekateme.dll",s (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.travian.com/fr
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-334fe76f1d584793.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O20 - AppInit_DLLs: c:\windows\system32\pebudure.dll C:\WINDOWS\system32\huwokuse.dll c:\windows\system32\senifetu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".
*** Ne ferme pas la fenêtre lors de la suppression ***
Un rapport sera créé, poste son contenu ici.
*** Ne ferme pas la fenêtre lors de la suppression ***
Un rapport sera créé, poste son contenu ici.
Le voici
-----------\\ ToolBar S&D 1.2.6 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.40GHz )
BIOS : Version 1.00
USER : Marco ( Administrator )
BOOT : Normal boot
Antivirus : PC Tools AntiVirus 4.0.0.26 4.0.0.26 (Activated)
Firewall : ZoneAlarm Firewall 7.0.462.000 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:48 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
Option : [2] ( 2008-12-10|19:03 )
-----------\\ SUPPRESSION
Supprime! - C:\Program Files\Hotbar\bin
Supprime! - C:\Program Files\Hotbar
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(Marco) - {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} => imacros
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.ca/?gws_rd=ssl"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Marco\Bureau\Nouveau dossier\windows xp\Windows XP Professional Keygen by CaFo.exe
C:\DOCUME~1\Marco\Bureau\Picture Textures\STONE\CRACKS1L.TIF
C:\DOCUME~1\Marco\Bureau\Picture Textures\STONE\CRACKS2L.TIF
C:\DOCUME~1\Marco\Favoris\torrent\BioShock CRACK WORK ONLY PLUS MINI IMAGE PLUS INFO torrent download.url
C:\DOCUME~1\Marco\Local Settings\Application Data\Microsoft\Messenger\airdelavie@msn.com\Sharing Folders\narayama222@hotmail.com\WinRAR 3.00 FINAL - Incl. Keygen
C:\DOCUME~1\Marco\Local Settings\Application Data\Microsoft\Messenger\airdelavie@msn.com\Sharing Folders\narayama222@hotmail.com\WinRAR 3.00 FINAL - Incl. Keygen\wrar300.exe
C:\DOCUME~1\Marco\Mes documents\download1\WinRAR 3.00 FINAL - Incl. Keygen
C:\DOCUME~1\Marco\Mes documents\download1\WinRAR 3.00 FINAL - Incl. Keygen.rar
C:\DOCUME~1\Marco\Mes documents\download1\WinRAR 3.00 FINAL - Incl. Keygen\wrar300.exe
C:\DOCUME~1\Marco\Mes documents\loulou\Crack
C:\DOCUME~1\Marco\Mes documents\loulou\Crack\Photoshop.exe
1 - "C:\ToolBar SD\TB_1.txt" - 2008-12-10|18:30 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 2008-12-10|19:05 - Option : [2]
-----------\\ Fin du rapport a 19:05:54,62
-----------\\ ToolBar S&D 1.2.6 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.40GHz )
BIOS : Version 1.00
USER : Marco ( Administrator )
BOOT : Normal boot
Antivirus : PC Tools AntiVirus 4.0.0.26 4.0.0.26 (Activated)
Firewall : ZoneAlarm Firewall 7.0.462.000 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:48 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
Option : [2] ( 2008-12-10|19:03 )
-----------\\ SUPPRESSION
Supprime! - C:\Program Files\Hotbar\bin
Supprime! - C:\Program Files\Hotbar
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(Marco) - {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} => imacros
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.ca/?gws_rd=ssl"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Marco\Bureau\Nouveau dossier\windows xp\Windows XP Professional Keygen by CaFo.exe
C:\DOCUME~1\Marco\Bureau\Picture Textures\STONE\CRACKS1L.TIF
C:\DOCUME~1\Marco\Bureau\Picture Textures\STONE\CRACKS2L.TIF
C:\DOCUME~1\Marco\Favoris\torrent\BioShock CRACK WORK ONLY PLUS MINI IMAGE PLUS INFO torrent download.url
C:\DOCUME~1\Marco\Local Settings\Application Data\Microsoft\Messenger\airdelavie@msn.com\Sharing Folders\narayama222@hotmail.com\WinRAR 3.00 FINAL - Incl. Keygen
C:\DOCUME~1\Marco\Local Settings\Application Data\Microsoft\Messenger\airdelavie@msn.com\Sharing Folders\narayama222@hotmail.com\WinRAR 3.00 FINAL - Incl. Keygen\wrar300.exe
C:\DOCUME~1\Marco\Mes documents\download1\WinRAR 3.00 FINAL - Incl. Keygen
C:\DOCUME~1\Marco\Mes documents\download1\WinRAR 3.00 FINAL - Incl. Keygen.rar
C:\DOCUME~1\Marco\Mes documents\download1\WinRAR 3.00 FINAL - Incl. Keygen\wrar300.exe
C:\DOCUME~1\Marco\Mes documents\loulou\Crack
C:\DOCUME~1\Marco\Mes documents\loulou\Crack\Photoshop.exe
1 - "C:\ToolBar SD\TB_1.txt" - 2008-12-10|18:30 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 2008-12-10|19:05 - Option : [2]
-----------\\ Fin du rapport a 19:05:54,62
bon bin,
faut que tu vires tes cracks...ces eux qui foutent la merde
Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
**Désactive les logiciels de protection** (Antivirus, Antispywares) puis :
deconnecte toi d'internet,ferme tout les programmes
Double-clique sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
ne touche plus à rien, même pas ta souris!!
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
Copie/colle un nouveau rapport HiJackThis avec.
-----------------------------------------------------
installer la Console de Récupération sur ton pc(cela permettra de réparer ton système au cas où le pc ne redémarrerait plus suite à la désinfection.)
Clique sur le lien ci-dessous pour aller sur le site Web de Microsoft:
https://support.microsoft.com/en-us/help/310994
descend jusqu'à "Téléchargement du fichier programme des disquettes d'installation" et clique sur le téléchargement correspondant à ta version de Windows XP (Édition familiale ou Professionnel) et au Service Pack que tu as installé.
**note: pour le SP3 charge le Service Pack 2
pour Windows XP Media Center charge XP Pro Service Pack 2.
enregistre le sur ton bureau.
fais un glisser/déposer du fichier sur l'icone de combofix comme ceci
http://img.bleepingcomputer.com/combofix/usage/rc.gif
Combofix va installer la console de récupération sur ton pc
a la fin de l'installation,combofix va afficher un message qui te signale que la console est installée.
---------------------------------------------------------------------
faut que tu vires tes cracks...ces eux qui foutent la merde
Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
**Désactive les logiciels de protection** (Antivirus, Antispywares) puis :
deconnecte toi d'internet,ferme tout les programmes
Double-clique sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
ne touche plus à rien, même pas ta souris!!
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
Copie/colle un nouveau rapport HiJackThis avec.
-----------------------------------------------------
installer la Console de Récupération sur ton pc(cela permettra de réparer ton système au cas où le pc ne redémarrerait plus suite à la désinfection.)
Clique sur le lien ci-dessous pour aller sur le site Web de Microsoft:
https://support.microsoft.com/en-us/help/310994
descend jusqu'à "Téléchargement du fichier programme des disquettes d'installation" et clique sur le téléchargement correspondant à ta version de Windows XP (Édition familiale ou Professionnel) et au Service Pack que tu as installé.
**note: pour le SP3 charge le Service Pack 2
pour Windows XP Media Center charge XP Pro Service Pack 2.
enregistre le sur ton bureau.
fais un glisser/déposer du fichier sur l'icone de combofix comme ceci
http://img.bleepingcomputer.com/combofix/usage/rc.gif
Combofix va installer la console de récupération sur ton pc
a la fin de l'installation,combofix va afficher un message qui te signale que la console est installée.
---------------------------------------------------------------------
cela dis,je regarde demain a tète reposée car la,je dors sur le clavier
donc moi dodo
au cas ou tu n'installes evidement pas la console de récupération si elle y est déja...
a tantot
++
donc moi dodo
au cas ou tu n'installes evidement pas la console de récupération si elle y est déja...
a tantot
++
Me revoilà,
Voici le premier rapport du combos :
ComboFix 08-12-09.03 - Marco 2008-12-10 19:36:32.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2670 [GMT -5:00]
Lancé depuis: c:\documents and settings\Marco\Bureau\Nouveau dossier\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\Windows Live\Messenger\msimg32.dll
c:\windows\system32\%%%.exe
c:\windows\system32\abokewas.ini
c:\windows\system32\akorekad.ini
c:\windows\system32\amotamud.ini
c:\windows\system32\dakeroka.dll
c:\windows\system32\dumatoma.dll
c:\windows\system32\lobodido.dll
c:\windows\system32\nadejafi.dll
c:\windows\system32\orehonap.ini
c:\windows\system32\sawekoba.dll
c:\windows\system32\ugahunit.ini
c:\windows\system32\upizatul.ini
c:\windows\system32\uveyulid.ini
c:\windows\system32\uyukupew.ini
----- BITS: Il y a peut-être des sites infectés -----
hxxp://77.74.48.105
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-11 au 2008-12-11 ))))))))))))))))))))))))))))))))))))
.
2008-12-10 19:21 . 2008-12-10 19:21 <REP> d-------- c:\windows\LastGood.Tmp
2008-12-10 18:27 . 2008-12-10 19:05 <REP> d-------- C:\ToolBar SD
2008-12-10 08:23 . 2008-12-10 08:23 <REP> d-------- c:\windows\ERUNT
2008-12-10 08:15 . 2008-12-10 08:38 <REP> d-------- C:\SDFix
2008-12-06 17:38 . 2008-12-07 00:52 <REP> d-------- c:\program files\UNI2
2008-11-17 18:28 . 2008-11-17 18:28 <REP> d--hs---- c:\windows\ftpcache
2008-11-13 14:29 . 2008-11-25 10:13 <REP> d-------- c:\program files\MindArk
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 00:56 9,936,928 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-11 00:21 --------- d-----w c:\program files\Windows Live Safety Center
2008-12-10 23:20 117,248 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-10 13:17 1,399,296 ----a-w c:\windows\Internet Logs\xDB14.tmp
2008-12-10 06:43 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-09 13:16 --------- d-----w c:\documents and settings\All Users\Application Data\pkdyhobi
2008-12-07 12:23 3,614,208 ----a-w c:\windows\Internet Logs\xDB13.tmp
2008-12-06 06:32 --------- d-----w c:\program files\AxBx
2008-12-05 20:10 1,390,080 ----a-w c:\windows\Internet Logs\xDB12.tmp
2008-12-05 14:28 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-05 14:28 --------- d-----w c:\program files\PC Tools AntiVirus
2008-11-21 02:20 1,368,576 ----a-w c:\windows\Internet Logs\xDB11.tmp
2008-11-14 19:54 --------- d-----w c:\documents and settings\Marco\Application Data\dvdcss
2008-11-14 15:31 2,783,744 ----a-w c:\windows\Internet Logs\xDB10.tmp
2008-11-05 23:18 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-05 00:44 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-03 20:17 2,901,504 ----a-w c:\windows\Internet Logs\xDBF.tmp
2008-11-03 02:38 --------- d-----w c:\program files\directx
2008-11-03 02:33 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-03 02:33 --------- d-----w c:\program files\Micro Application
2008-11-01 19:40 --------- d-----w c:\program files\epson
2008-10-27 17:46 1,211,392 ----a-w c:\windows\Internet Logs\xDBE.tmp
2008-10-24 18:28 1,339,392 ----a-w c:\windows\Internet Logs\xDBD.tmp
2008-10-24 02:00 1,605,120 ----a-w c:\windows\Internet Logs\xDBB.tmp
2008-10-24 02:00 1,337,344 ----a-w c:\windows\Internet Logs\xDBC.tmp
2008-10-23 23:15 1,936,099 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-10-23 08:38 373,760 ----a-w c:\windows\Internet Logs\xDBA.tmp
2008-10-23 00:47 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-22 22:05 963,584 ----a-w c:\windows\Internet Logs\xDB9.tmp
2008-10-21 13:10 248,832 ----a-w c:\windows\Internet Logs\xDB8.tmp
2008-10-21 03:24 1,031,680 ----a-w c:\windows\Internet Logs\xDB7.tmp
2008-10-19 20:00 1,749,504 ----a-w c:\windows\Internet Logs\xDB6.tmp
2008-10-19 03:11 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-10-18 09:57 650,752 ----a-w c:\windows\Internet Logs\xDB5.tmp
2008-10-17 17:14 169,984 ----a-w c:\windows\Internet Logs\xDB4.tmp
2008-10-17 13:23 2,131,456 ----a-w c:\windows\Internet Logs\xDB3.tmp
2008-10-16 09:11 671,232 ----a-w c:\windows\Internet Logs\xDB2.tmp
2008-10-15 21:57 --------- d-----w c:\program files\QuickTime
2008-10-15 21:43 449,024 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-10-15 16:32 --------- d-----w c:\program files\Zone Labs
2008-03-25 18:44 56 --sh--r c:\windows\system32\8536CB2307.sys
2008-03-25 18:46 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-10 1809648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"UniMessenger"="c:\program files\UNI2\UNI2.exe" [2007-10-31 82432]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-12-05 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-10 01:42 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-19 16:09 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2003-09-17 09:43 57344 c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 17:29 165784 c:\program files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
--a------ 2002-12-11 23:14 46592 c:\windows\system32\dxdllreg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
--a------ 2002-08-19 10:58 94208 c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GOlive]
--a------ 2008-10-01 15:53 827392 c:\progra~1\GOlive\GOlive.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 15:30 249856 c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 15:30 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-10-25 16:33 563984 c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 16:37 2178832 c:\program files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 11:22 7700480 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 11:22 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAVApp]
--a------ 2008-03-05 08:37 1238928 c:\program files\PC Tools AntiVirus\PCTAV.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-12-10 01:43 1809648 c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 00:00 90112 c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
--a------ 2007-12-13 18:27 919016 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2007-12-13 18:27 919016 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--------- 2007-01-30 13:54 1622016 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 55024]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 oflpydin;oflpydin;\??\c:\docume~1\Marco\LOCALS~1\Temp\oflpydin.sys []
.
Contenu du dossier 'Tâches planifiées'
2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
2008-12-10 c:\windows\Tasks\At10.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At11.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At12.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At13.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At14.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At15.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At16.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At17.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At18.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At19.job
- c:\windows\system32\330cywTb.exe []
2008-12-11 c:\windows\Tasks\At20.job
- c:\windows\system32\330cywTb.exe []
2008-12-11 c:\windows\Tasks\At21.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At22.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At23.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At24.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At3.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At4.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At5.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At6.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At7.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At8.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At9.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{3c58f64b-ffa8-47fd-9673-4df517638fad} - c:\windows\system32\fetilari.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-jiyalonunu - c:\windows\system32\wekateme.dll
HKLM-Run-346e5c34 - c:\windows\system32\tinuhagu.dll
HKLM-Run-CPM375d6fa8 - c:\windows\system32\senifetu.dll
Notify-WgaLogon - (no file)
MSConfigStartUp-!AVG Anti-Spyware - c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-ATI Launchpad - c:\program files\ATI Multimedia\main\launchpd.exe
MSConfigStartUp-ATIPTA - c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
MSConfigStartUp-BDMCon - c:\program files\Softwin\BitDefender8\bdmcon.exe
MSConfigStartUp-BDNewsAgent - c:\program files\Softwin\BitDefender8\bdnagent.exe
MSConfigStartUp-Flash Media - c:\windows\system32\%%%.exe
MSConfigStartUp-Magentic - c:\progra~1\Magentic\bin\Magentic.exe
MSConfigStartUp-MSFox - c:\docume~1\Marco\LOCALS~1\Temp\video241.cfg.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll
FireFox -: Profile - c:\documents and settings\Marco\Application Data\Mozilla\Firefox\Profiles\tjt0dnef.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.sweetim.com/search.asp?src=2&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - chrome://fastdial/content/fastdial.html
FF -: plugin - c:\program files\Adobe\Acrobat 5.0\Acrobat\browser\nppdf32.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 19:58:28
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(744)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'lsass.exe'(808)
c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\savedump.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\PC Tools AntiVirus\PCTAVSvc.exe
.
**************************************************************************
.
Heure de fin: 2008-12-10 20:02:50 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-11 01:02:45
Avant-CF: 52 438 790 144 octets libres
Après-CF: 52,406,087,680 octets libres
284 --- E O F --- 2008-04-04 18:37:03
ensuite 2 iem rapport quand j'ai glissé du reboot de sevice pack2 sur le combos :
ComboFix 08-12-09.03 - Marco 2008-12-10 20:06:30.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2672 [GMT -5:00]
Lancé depuis: c:\documents and settings\Marco\Bureau\Nouveau dossier\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Marco\Bureau\Nouveau dossier\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-11 au 2008-12-11 ))))))))))))))))))))))))))))))))))))
.
2008-12-10 18:27 . 2008-12-10 19:05 <REP> d-------- C:\ToolBar SD
2008-12-10 08:23 . 2008-12-10 08:23 <REP> d-------- c:\windows\ERUNT
2008-12-10 08:15 . 2008-12-10 08:38 <REP> d-------- C:\SDFix
2008-12-06 17:38 . 2008-12-07 00:52 <REP> d-------- c:\program files\UNI2
2008-11-17 18:28 . 2008-11-17 18:28 <REP> d--hs---- c:\windows\ftpcache
2008-11-13 14:29 . 2008-11-25 10:13 <REP> d-------- c:\program files\MindArk
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 01:09 9,941,024 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-11 00:21 --------- d-----w c:\program files\Windows Live Safety Center
2008-12-10 23:20 117,248 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-10 13:17 1,399,296 ----a-w c:\windows\Internet Logs\xDB14.tmp
2008-12-10 06:43 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-09 13:16 --------- d-----w c:\documents and settings\All Users\Application Data\pkdyhobi
2008-12-07 12:23 3,614,208 ----a-w c:\windows\Internet Logs\xDB13.tmp
2008-12-06 06:32 --------- d-----w c:\program files\AxBx
2008-12-05 20:10 1,390,080 ----a-w c:\windows\Internet Logs\xDB12.tmp
2008-12-05 14:28 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-05 14:28 --------- d-----w c:\program files\PC Tools AntiVirus
2008-11-21 02:20 1,368,576 ----a-w c:\windows\Internet Logs\xDB11.tmp
2008-11-14 19:54 --------- d-----w c:\documents and settings\Marco\Application Data\dvdcss
2008-11-14 15:31 2,783,744 ----a-w c:\windows\Internet Logs\xDB10.tmp
2008-11-05 23:18 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-05 00:44 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-03 20:17 2,901,504 ----a-w c:\windows\Internet Logs\xDBF.tmp
2008-11-03 02:38 --------- d-----w c:\program files\directx
2008-11-03 02:33 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-03 02:33 --------- d-----w c:\program files\Micro Application
2008-11-01 19:40 --------- d-----w c:\program files\epson
2008-10-27 17:46 1,211,392 ----a-w c:\windows\Internet Logs\xDBE.tmp
2008-10-24 18:28 1,339,392 ----a-w c:\windows\Internet Logs\xDBD.tmp
2008-10-24 02:00 1,605,120 ----a-w c:\windows\Internet Logs\xDBB.tmp
2008-10-24 02:00 1,337,344 ----a-w c:\windows\Internet Logs\xDBC.tmp
2008-10-23 23:15 1,936,099 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-10-23 08:38 373,760 ----a-w c:\windows\Internet Logs\xDBA.tmp
2008-10-23 00:47 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-22 22:05 963,584 ----a-w c:\windows\Internet Logs\xDB9.tmp
2008-10-21 13:10 248,832 ----a-w c:\windows\Internet Logs\xDB8.tmp
2008-10-21 03:24 1,031,680 ----a-w c:\windows\Internet Logs\xDB7.tmp
2008-10-19 20:00 1,749,504 ----a-w c:\windows\Internet Logs\xDB6.tmp
2008-10-19 03:11 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-10-18 09:57 650,752 ----a-w c:\windows\Internet Logs\xDB5.tmp
2008-10-17 17:14 169,984 ----a-w c:\windows\Internet Logs\xDB4.tmp
2008-10-17 13:23 2,131,456 ----a-w c:\windows\Internet Logs\xDB3.tmp
2008-10-16 09:11 671,232 ----a-w c:\windows\Internet Logs\xDB2.tmp
2008-10-15 21:57 --------- d-----w c:\program files\QuickTime
2008-10-15 21:43 449,024 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-10-15 16:32 --------- d-----w c:\program files\Zone Labs
2008-03-25 18:44 56 --sh--r c:\windows\system32\8536CB2307.sys
2008-03-25 18:46 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-10 1809648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"UniMessenger"="c:\program files\UNI2\UNI2.exe" [2007-10-31 82432]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-12-05 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-10 01:42 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-19 16:09 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2003-09-17 09:43 57344 c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 17:29 165784 c:\program files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
--a------ 2002-12-11 23:14 46592 c:\windows\system32\dxdllreg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
--a------ 2002-08-19 10:58 94208 c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GOlive]
--a------ 2008-10-01 15:53 827392 c:\progra~1\GOlive\GOlive.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 15:30 249856 c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 15:30 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-10-25 16:33 563984 c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 16:37 2178832 c:\program files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 11:22 7700480 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 11:22 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAVApp]
--a------ 2008-03-05 08:37 1238928 c:\program files\PC Tools AntiVirus\PCTAV.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-12-10 01:43 1809648 c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 00:00 90112 c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
--a------ 2007-12-13 18:27 919016 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2007-12-13 18:27 919016 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--------- 2007-01-30 13:54 1622016 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 55024]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 oflpydin;oflpydin;\??\c:\docume~1\Marco\LOCALS~1\Temp\oflpydin.sys []
.
Contenu du dossier 'Tâches planifiées'
2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
2008-12-10 c:\windows\Tasks\At10.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At11.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At12.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At13.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At14.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At15.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At16.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At17.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At18.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At19.job
- c:\windows\system32\330cywTb.exe []
2008-12-11 c:\windows\Tasks\At20.job
- c:\windows\system32\330cywTb.exe []
2008-12-11 c:\windows\Tasks\At21.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At22.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At23.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At24.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At3.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At4.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At5.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At6.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At7.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At8.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At9.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll
FireFox -: Profile - c:\documents and settings\Marco\Application Data\Mozilla\Firefox\Profiles\tjt0dnef.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.sweetim.com/search.asp?src=2&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - chrome://fastdial/content/fastdial.html
FF -: plugin - c:\program files\Adobe\Acrobat 5.0\Acrobat\browser\nppdf32.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 20:09:12
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(744)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'lsass.exe'(808)
c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll
.
Heure de fin: 2008-12-10 20:10:45
ComboFix-quarantined-files.txt 2008-12-11 01:10:41
ComboFix2.txt 2008-12-11 01:02:52
Avant-CF: 52 369 539 072 octets libres
Après-CF: 52,354,854,912 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn
241 --- E O F --- 2008-04-04 18:37:03
et finnalement le Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:12:12, on 2008-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UniMessenger] C:\Program Files\UNI2\UNI2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.travian.com/fr
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-334fe76f1d584793.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Voici le premier rapport du combos :
ComboFix 08-12-09.03 - Marco 2008-12-10 19:36:32.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2670 [GMT -5:00]
Lancé depuis: c:\documents and settings\Marco\Bureau\Nouveau dossier\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\Windows Live\Messenger\msimg32.dll
c:\windows\system32\%%%.exe
c:\windows\system32\abokewas.ini
c:\windows\system32\akorekad.ini
c:\windows\system32\amotamud.ini
c:\windows\system32\dakeroka.dll
c:\windows\system32\dumatoma.dll
c:\windows\system32\lobodido.dll
c:\windows\system32\nadejafi.dll
c:\windows\system32\orehonap.ini
c:\windows\system32\sawekoba.dll
c:\windows\system32\ugahunit.ini
c:\windows\system32\upizatul.ini
c:\windows\system32\uveyulid.ini
c:\windows\system32\uyukupew.ini
----- BITS: Il y a peut-être des sites infectés -----
hxxp://77.74.48.105
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-11 au 2008-12-11 ))))))))))))))))))))))))))))))))))))
.
2008-12-10 19:21 . 2008-12-10 19:21 <REP> d-------- c:\windows\LastGood.Tmp
2008-12-10 18:27 . 2008-12-10 19:05 <REP> d-------- C:\ToolBar SD
2008-12-10 08:23 . 2008-12-10 08:23 <REP> d-------- c:\windows\ERUNT
2008-12-10 08:15 . 2008-12-10 08:38 <REP> d-------- C:\SDFix
2008-12-06 17:38 . 2008-12-07 00:52 <REP> d-------- c:\program files\UNI2
2008-11-17 18:28 . 2008-11-17 18:28 <REP> d--hs---- c:\windows\ftpcache
2008-11-13 14:29 . 2008-11-25 10:13 <REP> d-------- c:\program files\MindArk
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 00:56 9,936,928 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-11 00:21 --------- d-----w c:\program files\Windows Live Safety Center
2008-12-10 23:20 117,248 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-10 13:17 1,399,296 ----a-w c:\windows\Internet Logs\xDB14.tmp
2008-12-10 06:43 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-09 13:16 --------- d-----w c:\documents and settings\All Users\Application Data\pkdyhobi
2008-12-07 12:23 3,614,208 ----a-w c:\windows\Internet Logs\xDB13.tmp
2008-12-06 06:32 --------- d-----w c:\program files\AxBx
2008-12-05 20:10 1,390,080 ----a-w c:\windows\Internet Logs\xDB12.tmp
2008-12-05 14:28 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-05 14:28 --------- d-----w c:\program files\PC Tools AntiVirus
2008-11-21 02:20 1,368,576 ----a-w c:\windows\Internet Logs\xDB11.tmp
2008-11-14 19:54 --------- d-----w c:\documents and settings\Marco\Application Data\dvdcss
2008-11-14 15:31 2,783,744 ----a-w c:\windows\Internet Logs\xDB10.tmp
2008-11-05 23:18 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-05 00:44 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-03 20:17 2,901,504 ----a-w c:\windows\Internet Logs\xDBF.tmp
2008-11-03 02:38 --------- d-----w c:\program files\directx
2008-11-03 02:33 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-03 02:33 --------- d-----w c:\program files\Micro Application
2008-11-01 19:40 --------- d-----w c:\program files\epson
2008-10-27 17:46 1,211,392 ----a-w c:\windows\Internet Logs\xDBE.tmp
2008-10-24 18:28 1,339,392 ----a-w c:\windows\Internet Logs\xDBD.tmp
2008-10-24 02:00 1,605,120 ----a-w c:\windows\Internet Logs\xDBB.tmp
2008-10-24 02:00 1,337,344 ----a-w c:\windows\Internet Logs\xDBC.tmp
2008-10-23 23:15 1,936,099 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-10-23 08:38 373,760 ----a-w c:\windows\Internet Logs\xDBA.tmp
2008-10-23 00:47 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-22 22:05 963,584 ----a-w c:\windows\Internet Logs\xDB9.tmp
2008-10-21 13:10 248,832 ----a-w c:\windows\Internet Logs\xDB8.tmp
2008-10-21 03:24 1,031,680 ----a-w c:\windows\Internet Logs\xDB7.tmp
2008-10-19 20:00 1,749,504 ----a-w c:\windows\Internet Logs\xDB6.tmp
2008-10-19 03:11 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-10-18 09:57 650,752 ----a-w c:\windows\Internet Logs\xDB5.tmp
2008-10-17 17:14 169,984 ----a-w c:\windows\Internet Logs\xDB4.tmp
2008-10-17 13:23 2,131,456 ----a-w c:\windows\Internet Logs\xDB3.tmp
2008-10-16 09:11 671,232 ----a-w c:\windows\Internet Logs\xDB2.tmp
2008-10-15 21:57 --------- d-----w c:\program files\QuickTime
2008-10-15 21:43 449,024 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-10-15 16:32 --------- d-----w c:\program files\Zone Labs
2008-03-25 18:44 56 --sh--r c:\windows\system32\8536CB2307.sys
2008-03-25 18:46 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-10 1809648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"UniMessenger"="c:\program files\UNI2\UNI2.exe" [2007-10-31 82432]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-12-05 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-10 01:42 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-19 16:09 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2003-09-17 09:43 57344 c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 17:29 165784 c:\program files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
--a------ 2002-12-11 23:14 46592 c:\windows\system32\dxdllreg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
--a------ 2002-08-19 10:58 94208 c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GOlive]
--a------ 2008-10-01 15:53 827392 c:\progra~1\GOlive\GOlive.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 15:30 249856 c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 15:30 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-10-25 16:33 563984 c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 16:37 2178832 c:\program files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 11:22 7700480 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 11:22 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAVApp]
--a------ 2008-03-05 08:37 1238928 c:\program files\PC Tools AntiVirus\PCTAV.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-12-10 01:43 1809648 c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 00:00 90112 c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
--a------ 2007-12-13 18:27 919016 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2007-12-13 18:27 919016 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--------- 2007-01-30 13:54 1622016 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 55024]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 oflpydin;oflpydin;\??\c:\docume~1\Marco\LOCALS~1\Temp\oflpydin.sys []
.
Contenu du dossier 'Tâches planifiées'
2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
2008-12-10 c:\windows\Tasks\At10.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At11.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At12.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At13.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At14.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At15.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At16.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At17.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At18.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At19.job
- c:\windows\system32\330cywTb.exe []
2008-12-11 c:\windows\Tasks\At20.job
- c:\windows\system32\330cywTb.exe []
2008-12-11 c:\windows\Tasks\At21.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At22.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At23.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At24.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At3.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At4.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At5.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At6.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At7.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At8.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At9.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{3c58f64b-ffa8-47fd-9673-4df517638fad} - c:\windows\system32\fetilari.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-jiyalonunu - c:\windows\system32\wekateme.dll
HKLM-Run-346e5c34 - c:\windows\system32\tinuhagu.dll
HKLM-Run-CPM375d6fa8 - c:\windows\system32\senifetu.dll
Notify-WgaLogon - (no file)
MSConfigStartUp-!AVG Anti-Spyware - c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-ATI Launchpad - c:\program files\ATI Multimedia\main\launchpd.exe
MSConfigStartUp-ATIPTA - c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
MSConfigStartUp-BDMCon - c:\program files\Softwin\BitDefender8\bdmcon.exe
MSConfigStartUp-BDNewsAgent - c:\program files\Softwin\BitDefender8\bdnagent.exe
MSConfigStartUp-Flash Media - c:\windows\system32\%%%.exe
MSConfigStartUp-Magentic - c:\progra~1\Magentic\bin\Magentic.exe
MSConfigStartUp-MSFox - c:\docume~1\Marco\LOCALS~1\Temp\video241.cfg.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll
FireFox -: Profile - c:\documents and settings\Marco\Application Data\Mozilla\Firefox\Profiles\tjt0dnef.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.sweetim.com/search.asp?src=2&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - chrome://fastdial/content/fastdial.html
FF -: plugin - c:\program files\Adobe\Acrobat 5.0\Acrobat\browser\nppdf32.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 19:58:28
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(744)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'lsass.exe'(808)
c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\savedump.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\PC Tools AntiVirus\PCTAVSvc.exe
.
**************************************************************************
.
Heure de fin: 2008-12-10 20:02:50 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-11 01:02:45
Avant-CF: 52 438 790 144 octets libres
Après-CF: 52,406,087,680 octets libres
284 --- E O F --- 2008-04-04 18:37:03
ensuite 2 iem rapport quand j'ai glissé du reboot de sevice pack2 sur le combos :
ComboFix 08-12-09.03 - Marco 2008-12-10 20:06:30.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2672 [GMT -5:00]
Lancé depuis: c:\documents and settings\Marco\Bureau\Nouveau dossier\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Marco\Bureau\Nouveau dossier\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-11 au 2008-12-11 ))))))))))))))))))))))))))))))))))))
.
2008-12-10 18:27 . 2008-12-10 19:05 <REP> d-------- C:\ToolBar SD
2008-12-10 08:23 . 2008-12-10 08:23 <REP> d-------- c:\windows\ERUNT
2008-12-10 08:15 . 2008-12-10 08:38 <REP> d-------- C:\SDFix
2008-12-06 17:38 . 2008-12-07 00:52 <REP> d-------- c:\program files\UNI2
2008-11-17 18:28 . 2008-11-17 18:28 <REP> d--hs---- c:\windows\ftpcache
2008-11-13 14:29 . 2008-11-25 10:13 <REP> d-------- c:\program files\MindArk
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 01:09 9,941,024 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-11 00:21 --------- d-----w c:\program files\Windows Live Safety Center
2008-12-10 23:20 117,248 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-10 13:17 1,399,296 ----a-w c:\windows\Internet Logs\xDB14.tmp
2008-12-10 06:43 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-09 13:16 --------- d-----w c:\documents and settings\All Users\Application Data\pkdyhobi
2008-12-07 12:23 3,614,208 ----a-w c:\windows\Internet Logs\xDB13.tmp
2008-12-06 06:32 --------- d-----w c:\program files\AxBx
2008-12-05 20:10 1,390,080 ----a-w c:\windows\Internet Logs\xDB12.tmp
2008-12-05 14:28 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-05 14:28 --------- d-----w c:\program files\PC Tools AntiVirus
2008-11-21 02:20 1,368,576 ----a-w c:\windows\Internet Logs\xDB11.tmp
2008-11-14 19:54 --------- d-----w c:\documents and settings\Marco\Application Data\dvdcss
2008-11-14 15:31 2,783,744 ----a-w c:\windows\Internet Logs\xDB10.tmp
2008-11-05 23:18 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-05 00:44 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-03 20:17 2,901,504 ----a-w c:\windows\Internet Logs\xDBF.tmp
2008-11-03 02:38 --------- d-----w c:\program files\directx
2008-11-03 02:33 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-03 02:33 --------- d-----w c:\program files\Micro Application
2008-11-01 19:40 --------- d-----w c:\program files\epson
2008-10-27 17:46 1,211,392 ----a-w c:\windows\Internet Logs\xDBE.tmp
2008-10-24 18:28 1,339,392 ----a-w c:\windows\Internet Logs\xDBD.tmp
2008-10-24 02:00 1,605,120 ----a-w c:\windows\Internet Logs\xDBB.tmp
2008-10-24 02:00 1,337,344 ----a-w c:\windows\Internet Logs\xDBC.tmp
2008-10-23 23:15 1,936,099 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-10-23 08:38 373,760 ----a-w c:\windows\Internet Logs\xDBA.tmp
2008-10-23 00:47 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-22 22:05 963,584 ----a-w c:\windows\Internet Logs\xDB9.tmp
2008-10-21 13:10 248,832 ----a-w c:\windows\Internet Logs\xDB8.tmp
2008-10-21 03:24 1,031,680 ----a-w c:\windows\Internet Logs\xDB7.tmp
2008-10-19 20:00 1,749,504 ----a-w c:\windows\Internet Logs\xDB6.tmp
2008-10-19 03:11 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-10-18 09:57 650,752 ----a-w c:\windows\Internet Logs\xDB5.tmp
2008-10-17 17:14 169,984 ----a-w c:\windows\Internet Logs\xDB4.tmp
2008-10-17 13:23 2,131,456 ----a-w c:\windows\Internet Logs\xDB3.tmp
2008-10-16 09:11 671,232 ----a-w c:\windows\Internet Logs\xDB2.tmp
2008-10-15 21:57 --------- d-----w c:\program files\QuickTime
2008-10-15 21:43 449,024 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-10-15 16:32 --------- d-----w c:\program files\Zone Labs
2008-03-25 18:44 56 --sh--r c:\windows\system32\8536CB2307.sys
2008-03-25 18:46 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-10 1809648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"UniMessenger"="c:\program files\UNI2\UNI2.exe" [2007-10-31 82432]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-12-05 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-10 01:42 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-19 16:09 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2003-09-17 09:43 57344 c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 17:29 165784 c:\program files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
--a------ 2002-12-11 23:14 46592 c:\windows\system32\dxdllreg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
--a------ 2002-08-19 10:58 94208 c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GOlive]
--a------ 2008-10-01 15:53 827392 c:\progra~1\GOlive\GOlive.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 15:30 249856 c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 15:30 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-10-25 16:33 563984 c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 16:37 2178832 c:\program files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 11:22 7700480 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 11:22 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAVApp]
--a------ 2008-03-05 08:37 1238928 c:\program files\PC Tools AntiVirus\PCTAV.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-12-10 01:43 1809648 c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 00:00 90112 c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
--a------ 2007-12-13 18:27 919016 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2007-12-13 18:27 919016 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--------- 2007-01-30 13:54 1622016 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 55024]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 oflpydin;oflpydin;\??\c:\docume~1\Marco\LOCALS~1\Temp\oflpydin.sys []
.
Contenu du dossier 'Tâches planifiées'
2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
2008-12-10 c:\windows\Tasks\At10.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At11.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At12.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At13.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At14.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At15.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At16.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At17.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At18.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At19.job
- c:\windows\system32\330cywTb.exe []
2008-12-11 c:\windows\Tasks\At20.job
- c:\windows\system32\330cywTb.exe []
2008-12-11 c:\windows\Tasks\At21.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At22.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At23.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At24.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At3.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At4.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At5.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At6.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At7.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At8.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\At9.job
- c:\windows\system32\330cywTb.exe []
2008-12-10 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll
FireFox -: Profile - c:\documents and settings\Marco\Application Data\Mozilla\Firefox\Profiles\tjt0dnef.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.sweetim.com/search.asp?src=2&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - chrome://fastdial/content/fastdial.html
FF -: plugin - c:\program files\Adobe\Acrobat 5.0\Acrobat\browser\nppdf32.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 20:09:12
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(744)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'lsass.exe'(808)
c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll
.
Heure de fin: 2008-12-10 20:10:45
ComboFix-quarantined-files.txt 2008-12-11 01:10:41
ComboFix2.txt 2008-12-11 01:02:52
Avant-CF: 52 369 539 072 octets libres
Après-CF: 52,354,854,912 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn
241 --- E O F --- 2008-04-04 18:37:03
et finnalement le Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:12:12, on 2008-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UniMessenger] C:\Program Files\UNI2\UNI2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.travian.com/fr
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-334fe76f1d584793.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
OUII je crois que tu as bien résolu le problème, enfin ils ont été suprimé...
Je t'en remercie beaucoup de ta patience, j'aime bien de travailler avec vous sur les virus, j'en apprend à chaque fois mais je commence à bien situé les problèmes de virus qui affectent mon ordi.
Oui je connais très bien Travian je t'ai envoyé un MP sur se sujet ^^
Merci encore et je vous souhaite de très Joyeuses Fêtes à toi et ta famillle.
@ bientôt
Je t'en remercie beaucoup de ta patience, j'aime bien de travailler avec vous sur les virus, j'en apprend à chaque fois mais je commence à bien situé les problèmes de virus qui affectent mon ordi.
Oui je connais très bien Travian je t'ai envoyé un MP sur se sujet ^^
Merci encore et je vous souhaite de très Joyeuses Fêtes à toi et ta famillle.
@ bientôt
attend,c'est pas fini...
y a encore un ou deux trucs a vérifier si tu veux bien
Rends toi sur ce site :
https://www.virustotal.com/gui/
Clique sur parcourir et cherche ce fichier : c:\windows\system32\330cywTb.exe
Clique sur "Send File".
Un rapport va s'élaborer ligne à ligne.
Attends la fin. Il doit comprendre la taille du fichier envoyé.
Sauvegarde le rapport avec le bloc-note.
Copie le dans ta réponse.
En cas de problèmes: http://pageperso.aol.fr/loraline60/virus_total.htm
y a encore un ou deux trucs a vérifier si tu veux bien
Rends toi sur ce site :
https://www.virustotal.com/gui/
Clique sur parcourir et cherche ce fichier : c:\windows\system32\330cywTb.exe
Clique sur "Send File".
Un rapport va s'élaborer ligne à ligne.
Attends la fin. Il doit comprendre la taille du fichier envoyé.
Sauvegarde le rapport avec le bloc-note.
Copie le dans ta réponse.
En cas de problèmes: http://pageperso.aol.fr/loraline60/virus_total.htm
