url.cpvfeed.com et EBay S'ouvrent tout le temps....
Dernière réponse : dans Sécurité
Bonjour,
J'ai des fenêtres qui s'ouvrent tou le temps.... Ad-Aware, AVG, Ccleaner, Spybot... Rien n'a faire, je n,en vioent pas a bout...
POURRRIEZ-VOUS M'AIDER ????
Analyse Hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 20:46:34, on 2007-04-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\MediaSource5\CTDetctu.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Administrateur\Bureau\Grand ménage\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Reloaded Lite V2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {65C0A837-3480-4D52-A33C-66E33C97F399} - C:\WINDOWS\system32\lsh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative Detector U] "C:\Program Files\Creative\MediaSource5\CTDetctu.exe" /R
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
J'ai des fenêtres qui s'ouvrent tou le temps.... Ad-Aware, AVG, Ccleaner, Spybot... Rien n'a faire, je n,en vioent pas a bout...
POURRRIEZ-VOUS M'AIDER ????
Analyse Hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 20:46:34, on 2007-04-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\MediaSource5\CTDetctu.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Administrateur\Bureau\Grand ménage\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Reloaded Lite V2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {65C0A837-3480-4D52-A33C-66E33C97F399} - C:\WINDOWS\system32\lsh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative Detector U] "C:\Program Files\Creative\MediaSource5\CTDetctu.exe" /R
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
Autres pages sur : url cpvfeed com ebay ouvrent temps
Lassé par la pub ? Créez un compte
Bonjour,
Télécharge Blacklight (F-Secure), clique sur " I ACCEPT " en bas de la page :
Clique sur le premier " Download " afin de télécharger le programme
Sauvegarde le sur ton Bureau
Double-clique fsbl.exe et accepte la licence; clique Scan puis Next.
A la fin du scan, NE TOUCHE A RIEN !
Tu verras un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).
Nous devons analyser ce rapport, ferme donc le BlackLight.
Poste le rapport sur le forum.
AIDE : Tuto sur BlackLight (Malekal)
Télécharge Blacklight (F-Secure), clique sur " I ACCEPT " en bas de la page :
Clique sur le premier " Download " afin de télécharger le programme
Sauvegarde le sur ton Bureau
Double-clique fsbl.exe et accepte la licence; clique Scan puis Next.
A la fin du scan, NE TOUCHE A RIEN !
Tu verras un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).
Nous devons analyser ce rapport, ferme donc le BlackLight.
Poste le rapport sur le forum.
AIDE : Tuto sur BlackLight (Malekal)
Bonjour,
Voici le rapport :
05/01/07 13:08:40 [Info]: BlackLight Engine 1.0.61 initialized
05/01/07 13:08:40 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/01/07 13:08:42 [Note]: 7019 4
05/01/07 13:08:42 [Note]: 7005 0
05/01/07 13:08:44 [Note]: 7006 0
05/01/07 13:08:45 [Note]: 7011 1180
05/01/07 13:08:45 [Note]: 7026 0
05/01/07 13:08:45 [Note]: 7026 0
05/01/07 13:09:00 [Note]: FSRAW library version 1.7.1021
05/01/07 13:13:10 [Note]: 2000 1012
05/01/07 13:14:31 [Note]: 7007 0
Voici le rapport :
05/01/07 13:08:40 [Info]: BlackLight Engine 1.0.61 initialized
05/01/07 13:08:40 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/01/07 13:08:42 [Note]: 7019 4
05/01/07 13:08:42 [Note]: 7005 0
05/01/07 13:08:44 [Note]: 7006 0
05/01/07 13:08:45 [Note]: 7011 1180
05/01/07 13:08:45 [Note]: 7026 0
05/01/07 13:08:45 [Note]: 7026 0
05/01/07 13:09:00 [Note]: FSRAW library version 1.7.1021
05/01/07 13:13:10 [Note]: 2000 1012
05/01/07 13:14:31 [Note]: 7007 0
Re,
Télécharge Clean.zip (de Malekal),
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout), tu dois obtenir un dossier Clean.
Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 1 puis patiente. Poste ensuite le contenu du rapport.
Télécharge Clean.zip (de Malekal),
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout), tu dois obtenir un dossier Clean.
Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 1 puis patiente. Poste ensuite le contenu du rapport.
Bonjour,
voici le rapport.... TU ES VRAIMENT GENTIL DE M'AIDER :-)
2007-05-01 a 13:39:16,37
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\SpoonUninstall.exe FOUND
"C:\Documents and Settings\Administrateur\Application Data\Dxccwrd.dll" FOUND
"C:\Documents and Settings\Administrateur\Application Data\Dxcdmns.dll" FOUND
"C:\Documents and Settings\Administrateur\Application Data\Dxcknwrd.dll" FOUND
"C:\Documents and Settings\Administrateur\Application Data\Dxcuknwrd.dll" FOUND
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Ipwindows\" FOUND
"C:\Program Files\outlook\" FOUND
"C:\Program Files\Outerinfo" FOUND
"C:\Program Files\PeDevice\" FOUND
*** Fin du rapport !
voici le rapport.... TU ES VRAIMENT GENTIL DE M'AIDER :-)
2007-05-01 a 13:39:16,37
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\SpoonUninstall.exe FOUND
"C:\Documents and Settings\Administrateur\Application Data\Dxccwrd.dll" FOUND
"C:\Documents and Settings\Administrateur\Application Data\Dxcdmns.dll" FOUND
"C:\Documents and Settings\Administrateur\Application Data\Dxcknwrd.dll" FOUND
"C:\Documents and Settings\Administrateur\Application Data\Dxcuknwrd.dll" FOUND
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Ipwindows\" FOUND
"C:\Program Files\outlook\" FOUND
"C:\Program Files\Outerinfo" FOUND
"C:\Program Files\PeDevice\" FOUND
*** Fin du rapport !
J'aimerais vérifier quelque chose :
Télécharge combofix.exe (par sUBs) sur ton Bureau
Double clique combofix.exe.
Tape sur la touche Y (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Bonjour
Voici le rapport :
"Administrateur" - 07-05-01 14:21:40 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Administrateur\Bureau\"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\ADMINI~1\APPLIC~1\Dxccwrd.dll
C:\DOCUME~1\ADMINI~1\APPLIC~1\Dxcdmns.dll
C:\DOCUME~1\ADMINI~1\APPLIC~1\Dxcknwrd.dll
C:\DOCUME~1\ADMINI~1\APPLIC~1\Dxcuknwrd.dll
C:\Program Files\ipwindows\ipwins.dll
C:\Program Files\ipwindows\ipwins.exe
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\outlook\p.RB0
C:\Program Files\outlook\p.zip
C:\WINDOWS\system32\bund1\ClientBundle1.exe
C:\WINDOWS\system32\bund1\temp.txt
C:\Program Files\pedevice\communication.xml
C:\Program Files\pedevice\Domain.Watchlist.txt
C:\Program Files\pedevice\pae-options.xml
C:\Program Files\pedevice\pae_url.xml
C:\Program Files\pedevice\PeDev.dll
C:\Program Files\pedevice\PeDev.exe
C:\Program Files\pedevice\pedevPS.dll
C:\Program Files\pedevice\Preparation.dll
C:\Program Files\pedevice\search.watchlist.txt
C:\Program Files\pedevice\statistic.xml
C:\Program Files\pedevice\watchlist.xml
C:\Program Files\pedevice\tmp\tmp.html
C:\Program Files\Fichiers communs\{30EBD~1\Bar888.dll
C:\Program Files\Fichiers communs\{30EBD~1\UnInstall.exe
C:\Program Files\ipwindows
C:\Program Files\outerinfo
C:\Program Files\outlook
C:\WINDOWS\system32\bund1
C:\Program Files\Fichiers communs\Uninstall Information
C:\Program Files\pedevice
C:\Program Files\Fichiers communs\{20EBD~1
C:\Program Files\Fichiers communs\{20EBD~2
C:\Program Files\Fichiers communs\{30EBD~1
C:\WINDOWS\system32\drivers\core.sys
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\ADMINI~1
C:\qoobox\purity\C\DOCUME~1\ADMINI~1\APPLIC~1
C:\qoobox\purity\C\DOCUME~1\ADMINI~1\APPLIC~1\SSTEM3~1
C:\qoobox\purity\C\WINDOWS\PPATCH~1
C:\qoobox\purity\C\WINDOWS\YSTEM~1
C:\qoobox\purity\C\WINDOWS\system32\SSTEM~1
((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Client IP-IPX
-------\core
-------\LEGACY_CLIENT_IP-IPX
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
((((((((((((((((((((((((((((((( Files Created from 2007-04-01 to 2007-05-01 ))))))))))))))))))))))))))))))))))
2007-05-01 13:37 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-04-27 14:51 <REP> d-------- C:\WINDOWS\AU_Temp
2007-04-27 09:44 <REP> d-------- C:\Program Files\Executive Software
2007-04-27 09:42 <REP> d-------- C:\D‚fragmenteur
2007-04-22 20:33 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-07 09:04 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
2007-04-04 19:08 <REP> d-------- C:\WMSDK
2007-04-04 19:05 33,553,728 --a------ C:\wmformat11sdk.exe
2007-04-04 18:12 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-04-04 18:08 <REP> d--h----- C:\Program Files\Creative Installation Information
2007-04-04 18:08 <REP> d-------- C:\Program Files\Fichiers communs\Creative
2007-04-04 18:04 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative
2007-04-02 17:19 <REP> d-------- C:\DOCUME~1\jimbo\APPLIC~1\ArcSoft
2007-04-01 20:45 <REP> d--hs---- C:\WINDOWS\QURNSU4
2007-04-01 08:42 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-04-01 08:42 167 --a------ C:\WINDOWS\system32\9159.bat
2007-04-01 08:42 <REP> d-------- C:\Temp\tn3
2007-04-01 08:41 32,768 --a------ C:\WINDOWS\system32\setup9x.exe
2007-04-01 08:41 <REP> d-------- C:\WINDOWS\system32\micro1
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-27 14:51 86094 --a------ C:\WINDOWS\bpmnt.dll
2007-04-27 14:51 1101904 --a------ C:\WINDOWS\vsapi32.dll
2007-04-27 12:15 71749 --a------ C:\WINDOWS\hcextoutput.dll
2007-04-27 12:15 267845 --a------ C:\WINDOWS\tsc.exe
2007-04-27 12:10 69689 --a------ C:\WINDOWS\unzip.dll
2007-04-27 12:10 507904 --a------ C:\WINDOWS\tmupdate.dll
2007-04-27 12:10 286720 --a------ C:\WINDOWS\patch.exe
2007-04-27 08:45 45866 --a------ C:\WINDOWS\system32\perfc00c.dat
2007-04-27 08:45 361140 --a------ C:\WINDOWS\system32\perfh00c.dat
2007-04-21 08:32 -------- d-------- C:\Program Files\cdburnerxp pro 3
2007-04-21 08:11 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-04-14 10:00 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-04-09 21:25 -------- d--h----- C:\Program Files\installshield installation information
2007-04-04 18:11 -------- d-------- C:\Program Files\creative
2007-04-01 17:22 -------- d-------- C:\Program Files\microsoft frontpage
2007-04-01 16:31 -------- d-------- C:\Program Files\services en ligne
2007-03-28 19:51 -------- d-------- C:\Program Files\yahoo!
2007-03-26 08:34 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-26 08:21 -------- d-------- C:\Program Files\zylom games
2007-03-25 11:09 -------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\zylom
2007-03-20 16:58 -------- d-------- C:\Program Files\lexmark_hostcd
2007-03-20 16:58 -------- d-------- C:\Program Files\lexmark applications
2007-03-20 16:58 -------- d-------- C:\Program Files\lexmark
2007-03-17 09:47 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-14 20:24 10883960 --a------ C:\WINDOWS\system32\spoonuninstall.exe
2007-03-14 20:21 -------- d-------- C:\Program Files\illustrate
2007-03-12 17:45 -------- d-------- C:\Program Files\west point bridge designer 2007
2007-03-12 17:40 -------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\tuneup software
2007-03-08 15:01 -------- d-------- C:\Program Files\quicktime
2007-03-08 11:50 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:50 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:50 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 11:45 1844096 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-02 07:52 -------- d-------- C:\Program Files\incredimail
2007-03-02 00:04 -------- d-------- C:\Program Files\msn messenger
2007-03-01 23:58 -------- d-------- C:\Program Files\google
2007-02-05 16:19 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-03 21:55 1866 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-02 22:19 293 --a------ C:\WINDOWS\ereg072.dat
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{65C0A837-3480-4D52-A33C-66E33C97F399} C:\WINDOWS\system32\lsh.dll [x]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Vistadrv"="C:\\WINDOWS\\system32\\Vistadrive\\vsdrv.exe"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"P17Helper"="Rundll32 P17.dll,P17Helper"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Creative Detector U"="\"C:\\Program Files\\Creative\\MediaSource5\\CTDetctu.exe\" /R"
"MtdAcqu"="\"C:\\Program Files\\Creative\\MediaSource5\\MtdAcqu.exe\" /s"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=dword:00000001
"NoSMMyPictures"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoStartBanner"=hex:01,00,00,00
"MemCheckBoxInRunDlg"=dword:00000001
"NoSMBalloonTip"=dword:00000001
"NoDesktopCleanupWizard"=dword:00000001
"NoWelcomeScreen"=dword:00000001
"EditLevel"=dword:00000000
"NoClose"=dword:00000000
"NoFileMenu"=dword:00000000
"NoCommonGroups"=dword:00000000
"NoSaveSettings"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=dword:00000001
"NoSMMyPictures"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoStartBanner"=hex:01,00,00,00
"MemCheckBoxInRunDlg"=dword:00000001
"NoSMBalloonTip"=dword:00000001
"NoDesktopCleanupWizard"=dword:00000001
"NoWelcomeScreen"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Outil de mise à jour Google.lnk"
"backup"="C:\\WINDOWS\\pss\\Outil de mise à jour Google.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOOGLE~1.EXE -systray -startup"
"item"="Outil de mise à jour Google"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTDetect"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTSysVol"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Creative\\SB Live! 24-bit\\Surround Mixer\\CTSysVol.exe\" /r"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcq]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MtdAcq"
"hkey"="HKCU"
"command"="C:\\Program Files\\Creative\\Shared Files\\Media Sniffer\\MtdAcq.exe /s"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="outlook"
"hkey"="HKLM"
"command"="C:\\Program Files\\outlook\\outlook.exe /auto"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ WebClient\0LmHosts\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Maintenance en 1 clic.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-01 15:36:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-05-01 15:36:53 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-05-01 15:36
Voici le rapport :
"Administrateur" - 07-05-01 14:21:40 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Administrateur\Bureau\"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\ADMINI~1\APPLIC~1\Dxccwrd.dll
C:\DOCUME~1\ADMINI~1\APPLIC~1\Dxcdmns.dll
C:\DOCUME~1\ADMINI~1\APPLIC~1\Dxcknwrd.dll
C:\DOCUME~1\ADMINI~1\APPLIC~1\Dxcuknwrd.dll
C:\Program Files\ipwindows\ipwins.dll
C:\Program Files\ipwindows\ipwins.exe
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\outlook\p.RB0
C:\Program Files\outlook\p.zip
C:\WINDOWS\system32\bund1\ClientBundle1.exe
C:\WINDOWS\system32\bund1\temp.txt
C:\Program Files\pedevice\communication.xml
C:\Program Files\pedevice\Domain.Watchlist.txt
C:\Program Files\pedevice\pae-options.xml
C:\Program Files\pedevice\pae_url.xml
C:\Program Files\pedevice\PeDev.dll
C:\Program Files\pedevice\PeDev.exe
C:\Program Files\pedevice\pedevPS.dll
C:\Program Files\pedevice\Preparation.dll
C:\Program Files\pedevice\search.watchlist.txt
C:\Program Files\pedevice\statistic.xml
C:\Program Files\pedevice\watchlist.xml
C:\Program Files\pedevice\tmp\tmp.html
C:\Program Files\Fichiers communs\{30EBD~1\Bar888.dll
C:\Program Files\Fichiers communs\{30EBD~1\UnInstall.exe
C:\Program Files\ipwindows
C:\Program Files\outerinfo
C:\Program Files\outlook
C:\WINDOWS\system32\bund1
C:\Program Files\Fichiers communs\Uninstall Information
C:\Program Files\pedevice
C:\Program Files\Fichiers communs\{20EBD~1
C:\Program Files\Fichiers communs\{20EBD~2
C:\Program Files\Fichiers communs\{30EBD~1
C:\WINDOWS\system32\drivers\core.sys
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\ADMINI~1
C:\qoobox\purity\C\DOCUME~1\ADMINI~1\APPLIC~1
C:\qoobox\purity\C\DOCUME~1\ADMINI~1\APPLIC~1\SSTEM3~1
C:\qoobox\purity\C\WINDOWS\PPATCH~1
C:\qoobox\purity\C\WINDOWS\YSTEM~1
C:\qoobox\purity\C\WINDOWS\system32\SSTEM~1
((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Client IP-IPX
-------\core
-------\LEGACY_CLIENT_IP-IPX
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
((((((((((((((((((((((((((((((( Files Created from 2007-04-01 to 2007-05-01 ))))))))))))))))))))))))))))))))))
2007-05-01 13:37 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-04-27 14:51 <REP> d-------- C:\WINDOWS\AU_Temp
2007-04-27 09:44 <REP> d-------- C:\Program Files\Executive Software
2007-04-27 09:42 <REP> d-------- C:\D‚fragmenteur
2007-04-22 20:33 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-07 09:04 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
2007-04-04 19:08 <REP> d-------- C:\WMSDK
2007-04-04 19:05 33,553,728 --a------ C:\wmformat11sdk.exe
2007-04-04 18:12 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-04-04 18:08 <REP> d--h----- C:\Program Files\Creative Installation Information
2007-04-04 18:08 <REP> d-------- C:\Program Files\Fichiers communs\Creative
2007-04-04 18:04 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative
2007-04-02 17:19 <REP> d-------- C:\DOCUME~1\jimbo\APPLIC~1\ArcSoft
2007-04-01 20:45 <REP> d--hs---- C:\WINDOWS\QURNSU4
2007-04-01 08:42 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-04-01 08:42 167 --a------ C:\WINDOWS\system32\9159.bat
2007-04-01 08:42 <REP> d-------- C:\Temp\tn3
2007-04-01 08:41 32,768 --a------ C:\WINDOWS\system32\setup9x.exe
2007-04-01 08:41 <REP> d-------- C:\WINDOWS\system32\micro1
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-27 14:51 86094 --a------ C:\WINDOWS\bpmnt.dll
2007-04-27 14:51 1101904 --a------ C:\WINDOWS\vsapi32.dll
2007-04-27 12:15 71749 --a------ C:\WINDOWS\hcextoutput.dll
2007-04-27 12:15 267845 --a------ C:\WINDOWS\tsc.exe
2007-04-27 12:10 69689 --a------ C:\WINDOWS\unzip.dll
2007-04-27 12:10 507904 --a------ C:\WINDOWS\tmupdate.dll
2007-04-27 12:10 286720 --a------ C:\WINDOWS\patch.exe
2007-04-27 08:45 45866 --a------ C:\WINDOWS\system32\perfc00c.dat
2007-04-27 08:45 361140 --a------ C:\WINDOWS\system32\perfh00c.dat
2007-04-21 08:32 -------- d-------- C:\Program Files\cdburnerxp pro 3
2007-04-21 08:11 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-04-14 10:00 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-04-09 21:25 -------- d--h----- C:\Program Files\installshield installation information
2007-04-04 18:11 -------- d-------- C:\Program Files\creative
2007-04-01 17:22 -------- d-------- C:\Program Files\microsoft frontpage
2007-04-01 16:31 -------- d-------- C:\Program Files\services en ligne
2007-03-28 19:51 -------- d-------- C:\Program Files\yahoo!
2007-03-26 08:34 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-26 08:21 -------- d-------- C:\Program Files\zylom games
2007-03-25 11:09 -------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\zylom
2007-03-20 16:58 -------- d-------- C:\Program Files\lexmark_hostcd
2007-03-20 16:58 -------- d-------- C:\Program Files\lexmark applications
2007-03-20 16:58 -------- d-------- C:\Program Files\lexmark
2007-03-17 09:47 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-14 20:24 10883960 --a------ C:\WINDOWS\system32\spoonuninstall.exe
2007-03-14 20:21 -------- d-------- C:\Program Files\illustrate
2007-03-12 17:45 -------- d-------- C:\Program Files\west point bridge designer 2007
2007-03-12 17:40 -------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\tuneup software
2007-03-08 15:01 -------- d-------- C:\Program Files\quicktime
2007-03-08 11:50 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:50 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:50 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 11:45 1844096 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-02 07:52 -------- d-------- C:\Program Files\incredimail
2007-03-02 00:04 -------- d-------- C:\Program Files\msn messenger
2007-03-01 23:58 -------- d-------- C:\Program Files\google
2007-02-05 16:19 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-03 21:55 1866 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-02 22:19 293 --a------ C:\WINDOWS\ereg072.dat
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{65C0A837-3480-4D52-A33C-66E33C97F399} C:\WINDOWS\system32\lsh.dll [x]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Vistadrv"="C:\\WINDOWS\\system32\\Vistadrive\\vsdrv.exe"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"P17Helper"="Rundll32 P17.dll,P17Helper"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Creative Detector U"="\"C:\\Program Files\\Creative\\MediaSource5\\CTDetctu.exe\" /R"
"MtdAcqu"="\"C:\\Program Files\\Creative\\MediaSource5\\MtdAcqu.exe\" /s"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=dword:00000001
"NoSMMyPictures"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoStartBanner"=hex:01,00,00,00
"MemCheckBoxInRunDlg"=dword:00000001
"NoSMBalloonTip"=dword:00000001
"NoDesktopCleanupWizard"=dword:00000001
"NoWelcomeScreen"=dword:00000001
"EditLevel"=dword:00000000
"NoClose"=dword:00000000
"NoFileMenu"=dword:00000000
"NoCommonGroups"=dword:00000000
"NoSaveSettings"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=dword:00000001
"NoSMMyPictures"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoStartBanner"=hex:01,00,00,00
"MemCheckBoxInRunDlg"=dword:00000001
"NoSMBalloonTip"=dword:00000001
"NoDesktopCleanupWizard"=dword:00000001
"NoWelcomeScreen"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Outil de mise à jour Google.lnk"
"backup"="C:\\WINDOWS\\pss\\Outil de mise à jour Google.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOOGLE~1.EXE -systray -startup"
"item"="Outil de mise à jour Google"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTDetect"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTSysVol"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Creative\\SB Live! 24-bit\\Surround Mixer\\CTSysVol.exe\" /r"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcq]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MtdAcq"
"hkey"="HKCU"
"command"="C:\\Program Files\\Creative\\Shared Files\\Media Sniffer\\MtdAcq.exe /s"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="outlook"
"hkey"="HKLM"
"command"="C:\\Program Files\\outlook\\outlook.exe /auto"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ WebClient\0LmHosts\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Maintenance en 1 clic.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-01 15:36:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-05-01 15:36:53 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-05-01 15:36
salut
Logfile of HijackThis v1.99.1
Scan saved at 14:02:30, on 2007-05-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\MediaSource5\CTDetctu.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\Grand ménage\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {65C0A837-3480-4D52-A33C-66E33C97F399} - C:\WINDOWS\system32\lsh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative Detector U] "C:\Program Files\Creative\MediaSource5\CTDetctu.exe" /R
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
Logfile of HijackThis v1.99.1
Scan saved at 14:02:30, on 2007-05-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\MediaSource5\CTDetctu.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\Grand ménage\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {65C0A837-3480-4D52-A33C-66E33C97F399} - C:\WINDOWS\system32\lsh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative Detector U] "C:\Program Files\Creative\MediaSource5\CTDetctu.exe" /R
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
Ton pc se comporte mieux ?
Télécharge puis installe AVG Anti-Spyware (AVG AS)
Fais les mises à jour mais ne lance pas de scan pour le moment.
AIDE : Tuto sur AVG Anti-Spyware (Malekal)
Redémarre en mode sans échec
Relance AVG AS :
- Choisis l'onglet "Analyse"
- Puis l'onglet "Paramètres"
- Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine"
- Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"
[#ff0000]Si un fichier est infecté en fin d'analyse, clique sur "Appliquer toutes les actions"[/#f]
Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
Enregistre ce fichier texte sur ton bureau.
Redémarre normalement
Poste le rapport AVG AS ainsi qu'un rapport Hijackthis.
Télécharge puis installe AVG Anti-Spyware (AVG AS)
Fais les mises à jour mais ne lance pas de scan pour le moment.
AIDE : Tuto sur AVG Anti-Spyware (Malekal)
Redémarre en mode sans échec
Relance AVG AS :
- Choisis l'onglet "Analyse"
- Puis l'onglet "Paramètres"
- Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine"
- Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"
[#ff0000]Si un fichier est infecté en fin d'analyse, clique sur "Appliquer toutes les actions"[/#f]
Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
Enregistre ce fichier texte sur ton bureau.
Redémarre normalement
Poste le rapport AVG AS ainsi qu'un rapport Hijackthis.
Bonjour,
Voici Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 15:54:48, on 2007-05-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\MediaSource5\CTDetctu.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrateur\Bureau\Grand ménage\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {65C0A837-3480-4D52-A33C-66E33C97F399} - C:\WINDOWS\system32\lsh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative Detector U] "C:\Program Files\Creative\MediaSource5\CTDetctu.exe" /R
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
et voici l'autre
--------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 22:38:11 2007-05-02
+ Résultat de l'analyse:
C:\QooBox\Quarantine\C\Program Files\PeDevice\PeDev.dll.vir -> Adware.Delfin : Nettoyé.
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir -> Adware.PurityScan : Nettoyé.
C:\Program Files\Services en ligne\viliwiky.dll -> Adware.ZQuest : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\core.sys.vir -> Rootkit.Agent.eq : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@amazonsearsca.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@servedby.advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@casalemedia[2].txt -> TrackingCookie.Casalemedia : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@bilbo.counted[2].txt -> TrackingCookie.Counted : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@www.epilot[1].txt -> TrackingCookie.Epilot : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@www.epilot[1].txt -> TrackingCookie.Epilot : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@e-2dj6wfk4emdpshp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@ehg-corusentertainment.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@ehg-groupernetworks.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@ehg-yamahamotors.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@mediaplex[2].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@overture[2].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@pro-market[2].txt -> TrackingCookie.Pro-market : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@specificclick[2].txt -> TrackingCookie.Specificclick : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@statcounter[2].txt -> TrackingCookie.Statcounter : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
Fin du rapport
Voici Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 15:54:48, on 2007-05-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\MediaSource5\CTDetctu.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrateur\Bureau\Grand ménage\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {65C0A837-3480-4D52-A33C-66E33C97F399} - C:\WINDOWS\system32\lsh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative Detector U] "C:\Program Files\Creative\MediaSource5\CTDetctu.exe" /R
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
et voici l'autre
--------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 22:38:11 2007-05-02
+ Résultat de l'analyse:
C:\QooBox\Quarantine\C\Program Files\PeDevice\PeDev.dll.vir -> Adware.Delfin : Nettoyé.
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir -> Adware.PurityScan : Nettoyé.
C:\Program Files\Services en ligne\viliwiky.dll -> Adware.ZQuest : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\core.sys.vir -> Rootkit.Agent.eq : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@amazonsearsca.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@servedby.advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@casalemedia[2].txt -> TrackingCookie.Casalemedia : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@bilbo.counted[2].txt -> TrackingCookie.Counted : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@www.epilot[1].txt -> TrackingCookie.Epilot : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@www.epilot[1].txt -> TrackingCookie.Epilot : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@e-2dj6wfk4emdpshp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@ehg-corusentertainment.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@ehg-groupernetworks.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@ehg-yamahamotors.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@mediaplex[2].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@overture[2].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@pro-market[2].txt -> TrackingCookie.Pro-market : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@specificclick[2].txt -> TrackingCookie.Specificclick : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@statcounter[2].txt -> TrackingCookie.Statcounter : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\jimbo\Cookies\jimbo@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
Fin du rapport
Lassé par la pub ? Créez un compte
- Contenus similaires :
