Unwanted pop-up windows
Hello, I've come to ask for your help because I have a small problem.
Every time my internet connection is up, even without browsing, windows pop up telling me that my PC is infected and needs a scan,
and my PC has been slow since these windows started opening for no reason. Could you help me?
Hello,
Download HijackThis (from Trend Micro).
Unzip it into a folder or onto your Desktop.
Launch the application (Hijackthis.exe):
- Choose the option "Do a system scan and save a logfile"
- Notepad opens; post its contents:
Edit / Select All
Edit / Copy
Right-click / Paste into your reply
Here is the report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:49:56, on 23/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IncrediMail\bin\IMSetup.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\cynthia\LOCALS~1\Temp\Rar$EX00.172\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\hwelnnob.dll",forkonce
O4 - HKCU\..\Run: [OutlookMessenger] "C:\Program Files\Outlook Messenger\OutlookMessenger.exe" /m
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.ca...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://charon777.free.fr/plugins/hardwaredetection.cab
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 5748 bytes
Hi again,
Download VundoFix.exe (by Atribune) to your Desktop.
Double-click VundoFix.exe to launch it.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
A prompt will ask whether you want to delete the files; click YES.
After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
You will see a prompt telling you that your PC is going to restart; click OK.
Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, in your next reply.
Note: VundoFix may run into a file it cannot delete. If so, the tool will launch again on the next restart; just follow the instructions above, starting from "click the Scan for Vundo button".
VundoFix V6.5.7
Checking Java version...
Scan started at 14:51:00 23/08/2007
Listing files found while scanning....
C:\windows\system32\accdd.bak1
C:\WINDOWS\system32\accdd.bak2
C:\WINDOWS\system32\accdd.ini
C:\windows\system32\bhbnrmlm.dll
C:\windows\system32\bithplda.dll
C:\windows\system32\bonnlewh.ini
C:\WINDOWS\system32\byxvstr.dll
C:\WINDOWS\system32\ddcca.dll
C:\windows\system32\eekswbki.dll
C:\windows\system32\efccbya.dll
C:\windows\system32\exsbdqxg.dll
C:\windows\system32\gxqdbsxe.ini
C:\windows\system32\hggedcy.dll
C:\WINDOWS\system32\hwelnnob.dll
C:\windows\system32\hyklxmdr.dll
C:\windows\system32\ikbwskee.ini
C:\WINDOWS\system32\jkhhg.dll
C:\windows\system32\jkkjghh.dll
C:\windows\system32\mlmrnbhb.ini
C:\windows\system32\pmnlkji.dll
C:\windows\system32\rdmxlkyh.ini
C:\windows\system32\sdtolqbd.exe
C:\WINDOWS\system32\ytxeaoli.dll
Beginning removal...
Attempting to delete C:\windows\system32\accdd.bak1
C:\windows\system32\accdd.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\accdd.bak2
C:\WINDOWS\system32\accdd.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\accdd.ini Has been deleted!
Attempting to delete C:\windows\system32\bhbnrmlm.dll
C:\windows\system32\bhbnrmlm.dll Has been deleted!
Attempting to delete C:\windows\system32\bithplda.dll
C:\windows\system32\bithplda.dll Has been deleted!
Attempting to delete C:\windows\system32\bonnlewh.ini
C:\windows\system32\bonnlewh.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\byxvstr.dll
C:\WINDOWS\system32\byxvstr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\ddcca.dll Could not be deleted.
Attempting to delete C:\windows\system32\eekswbki.dll
C:\windows\system32\eekswbki.dll Has been deleted!
Attempting to delete C:\windows\system32\efccbya.dll
C:\windows\system32\efccbya.dll Has been deleted!
Attempting to delete C:\windows\system32\exsbdqxg.dll
C:\windows\system32\exsbdqxg.dll Has been deleted!
Attempting to delete C:\windows\system32\gxqdbsxe.ini
C:\windows\system32\gxqdbsxe.ini Has been deleted!
Attempting to delete C:\windows\system32\hggedcy.dll
C:\windows\system32\hggedcy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hwelnnob.dll
C:\WINDOWS\system32\hwelnnob.dll Could not be deleted.
Attempting to delete C:\windows\system32\hyklxmdr.dll
C:\windows\system32\hyklxmdr.dll Has been deleted!
Attempting to delete C:\windows\system32\ikbwskee.ini
C:\windows\system32\ikbwskee.ini Has been deleted!
Attempting to delete C:\windows\system32\jkkjghh.dll
C:\windows\system32\jkkjghh.dll Has been deleted!
Attempting to delete C:\windows\system32\mlmrnbhb.ini
C:\windows\system32\mlmrnbhb.ini Has been deleted!
Attempting to delete C:\windows\system32\pmnlkji.dll
C:\windows\system32\pmnlkji.dll Has been deleted!
Attempting to delete C:\windows\system32\rdmxlkyh.ini
C:\windows\system32\rdmxlkyh.ini Has been deleted!
Attempting to delete C:\windows\system32\sdtolqbd.exe
C:\windows\system32\sdtolqbd.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ytxeaoli.dll
C:\WINDOWS\system32\ytxeaoli.dll Has been deleted!
Performing Repairs to the registry.
Done!
And here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:35, on 23/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\cynthia\LOCALS~1\Temp\Rar$EX00.781\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\afqvtaig.dll",forkonce
O4 - HKCU\..\Run: [OutlookMessenger] "C:\Program Files\Outlook Messenger\OutlookMessenger.exe" /m
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://charon777.free.fr/plugins/hardwaredetection.cab
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 4902 bytes
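As an added example (not code from the thread, nor from HijackThis, VundoFix or ComboFix), here is a small Python triage script for the O4 autostart lines of the two HijackThis logs above. It shows why the helper went straight to VundoFix: the SystemOptimizer value loads a random-named system32 DLL through rundll32, and after the first cleanup the same value points at a freshly named DLL. The sample lines are copied from the two logs; the triage rules are review heuristics I assume here, not a malware classifier.

```python
"""Triage HijackThis O4 (autostart) entries and diff two scans.

Heuristics only: they surface entries for human review, they do not
classify malware. Written around the two logs posted in this thread.
"""
import re

# O4 line shape:  O4 - <hive>\..\Run[Once]: [<name>] <command> (User '...')?
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
# First drive-letter path in the command, optionally after a rundll32 prefix.
TARGET_RE = re.compile(
    r'^(?:rundll32(?:\.exe)?\s+)?"?(?P<path>[A-Za-z]:\\[^",]*?\.(?:exe|dll))"?', re.I
)
# A long uppercase hex blob passed as a command-line argument.
HEX_ARG_RE = re.compile(r"\b[0-9A-F]{32,}\b")

# Constructed sample: autostart lines copied from the thread's first HijackThis
# log (13:49) and from the second one taken after VundoFix ran (15:14).
SCAN_1 = r"""
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\hwelnnob.dll",forkonce
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
"""
SCAN_2 = r"""
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\afqvtaig.dll",forkonce
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
"""


def parse_o4(log_text):
    """Return one dict per O4 line: hive, key, name, cmd, target (or None)."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        t = TARGET_RE.match(e["cmd"])
        e["target"] = t.group("path") if t else None
        entries.append(e)
    return entries


def triage(entries):
    """Return (name, reason) pairs for entries that deserve a closer look."""
    findings = []
    for e in entries:
        target, cmd = e["target"], e["cmd"]
        if not target:
            continue  # cmd.exe / advpack.dll helpers: nothing to resolve here
        low = target.lower()
        parent = low.rsplit("\\", 1)[0]
        if cmd.lower().startswith("rundll32") and low.endswith(".dll") \
                and parent.endswith("\\system32"):
            findings.append((e["name"], "rundll32 loads a system32 DLL through "
                             "an export (the SystemOptimizer/forkonce pattern)"))
        elif parent.endswith(":\\windows") and HEX_ARG_RE.search(cmd):
            findings.append((e["name"], "executable in the Windows root started "
                             "with a long hex argument (the runner1 pattern)"))
    return findings


def diff_scans(before, after):
    """Same autostart value, different target between two scans.

    A value that survives a cleanup but now points at a freshly named file
    is the re-seeding VundoFix and then ComboFix had to chase in the thread.
    """
    index = {(e["hive"], e["key"], e["name"]): e["target"] for e in before}
    changed = []
    for e in after:
        old = index.get((e["hive"], e["key"], e["name"]))
        if old and e["target"] and old.lower() != e["target"].lower():
            changed.append((e["name"], old, e["target"]))
    return changed


def main():
    before, after = parse_o4(SCAN_1), parse_o4(SCAN_2)
    for name, reason in triage(before):
        print(f"[review] {name}: {reason}")
    for name, old, new in diff_scans(before, after):
        print(f"[re-seeded] {name}: {old} -> {new}")


if __name__ == "__main__":
    main()
```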
Hi again,
Download combofix.exe (by sUBs) to your Desktop.
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Copy/paste that report in your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
ComboFix 07-08-17.2 - "cynael" 2007-08-23 16:30:27.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.195 [GMT 2:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\b122.exe
C:\WINDOWS\retadpu.exe
C:\WINDOWS\system32\accdd.bak1
C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\afqvtaig.dll
C:\WINDOWS\system32\clymlxti.dll
C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\dypyanqu.dll
C:\WINDOWS\system32\giatvqfa.ini
C:\WINDOWS\system32\siomcplp.exe
C:\WINDOWS\system32\winthg32.dll
C:\WINDOWS\wr.txt
((((((((((((((((((((((((( Files Created from 2007-07-23 to 2007-08-23 )))))))))))))))))))))))))))))))
2007-08-23 16:26 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-23 14:51 <REP> d-------- C:\VundoFix Backups
2007-08-23 11:59 <REP> d-------- C:\ATI
2007-08-23 11:02 <REP> d-------- C:\Program Files\Lavalys
2007-08-23 10:07 5,248 --a------ C:\WINDOWS\system32\drivers\d346prt.sys
2007-08-23 10:07 156,800 --a------ C:\WINDOWS\system32\drivers\d346bus.sys
2007-08-23 10:07 <REP> d-------- C:\Program Files\D-Tools
2007-08-23 09:57 <REP> d-------- C:\Program Files\EA GAMES
2007-08-23 08:48 720,896 --a------ C:\WINDOWS\iun6002.exe
2007-08-20 20:45 <REP> d-------- C:\Program Files\eMule
2007-08-20 17:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-20 15:26 <REP> d-------- C:\Program Files\Alcohol Soft
2007-07-31 18:26 <REP> d-------- C:\Program Files\MicroApp
2007-07-31 18:26 <REP> d-------- C:\DOCUME~1\cynthia\APPLIC~1\Hemera
2007-07-30 22:44 <REP> d-------- C:\Program Files\SDLL
2007-07-30 16:00 8,704 --a------ C:\WINDOWS\system32\vidccleaner.exe
2007-07-30 16:00 589,824 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-07-30 16:00 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-07-30 16:00 <REP> d-------- C:\WINDOWS\Cache
2007-07-30 15:58 83,968 --a------ C:\WINDOWS\system32\Skbase40.dll
2007-07-30 15:58 217,088 --a------ C:\WINDOWS\system32\skjpeg40.dll
2007-07-30 15:58 <REP> d-------- C:\Program Files\Samsung
2007-07-30 15:56 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2007-07-27 01:06 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-27 01:06 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-27 01:06 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-27 01:06 144,704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-27 01:06 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-27 01:03 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-27 01:03 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-27 01:03 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-27 01:03 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-27 01:03 740,442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-27 01:03 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-27 01:03 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-27 01:03 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-27 01:03 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-27 01:03 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-27 01:03 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-27 01:03 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-27 01:03 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-23 13:49 --------- d-------- C:\Program Files\IncrediMail
2007-08-23 08:47 --------- d-------- C:\Program Files\JEUX
2007-08-21 14:34 --------- d-------- C:\Program Files\DivX
2007-08-20 15:21 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-31 18:25 --------- d-------- C:\Program Files\Fichiers communs\InstallShield
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 18:18 --------- d-------- C:\DOCUME~1\cynthia\APPLIC~1\Ahead
2007-07-30 12:33 --------- d-------- C:\Program Files\Elaborate Bytes
2007-07-30 12:15 --------- d-------- C:\DOCUME~1\cynthia\APPLIC~1\Skype
2007-07-27 01:06 43528 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-07-27 01:06 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-27 01:06 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-27 01:06 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-04 22:06 15939 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-06-08 22:58 71680 --a------ C:\WINDOWS\g93435578.exe
2007-06-08 22:58 33792 --a------ C:\WINDOWS\system32\wudb.dll
2007-06-07 15:29 81920 --a------ C:\DOCUME~1\cynthia\APPLIC~1\ezpinst.exe
2007-06-07 15:28 47360 --a------ C:\DOCUME~1\cynthia\APPLIC~1\pcouffin.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{824E248A-7C1F-4BC7-8C0D-12632E2539DA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2002-10-11 18:26]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OutlookMessenger"="C:\Program Files\Outlook Messenger\OutlookMessenger.exe" []
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoSimpleStartMenu"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"=1 (0x1)
"NoTrayItemsDisplay"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoUserNameInStartMenu"=0 (0x0)
"NoStartMenuMorePrograms"=0 (0x0)
"MaxRecentDocs"=15 (0xf)
"NoInstrumentation"=0 (0x0)
"MemCheckBoxInRunDlg"=1 (0x1)
"NoSMBalloonTip"=0 (0x0)
"DisallowCpl"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhhg]
C:\WINDOWS\system32\jkhhg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb]
C:\WINDOWS\system32\wudb.dll 2007-06-08 22:58 33792 C:\WINDOWS\system32\wudb.dll
R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys
S3 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe -service
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 WDM_YAMAHAAC97;YAMAHA AC-XG Audio Device;C:\WINDOWS\system32\drivers\yacxgc.sys
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-23 20:25:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-23 20:26:53 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-23 20:26
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:14, on 23/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\cynthia\LOCALS~1\Temp\Rar$EX00.422\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {824E248A-7C1F-4BC7-8C0D-12632E2539DA} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [OutlookMessenger] "C:\Program Files\Outlook Messenger\OutlookMessenger.exe" /m
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: jkhhg - C:\WINDOWS\system32\jkhhg.dll (file missing)
O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 4999 bytes
Re,
Download Clean.zip (by Malekal),
Unzip it onto your desktop (Right-click / Extract all); you should get a Clean folder.
Open the clean folder and double-click clean.cmd.
Choose option 1 and wait. Then post the contents of the report.
ComboFix 07-08-17.2 - "cynael" 2007-08-26 12:35:45.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.285 [GMT 2:00]
((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))
2007-08-23 21:27 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-08-23 21:27 <REP> d-------- C:\Program Files\SpywareBlaster
2007-08-23 16:26 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-23 14:51 <REP> d-------- C:\VundoFix Backups
2007-08-23 11:59 <REP> d-------- C:\ATI
2007-08-23 11:02 <REP> d-------- C:\Program Files\Lavalys
2007-08-23 10:07 5,248 --a------ C:\WINDOWS\system32\drivers\d346prt.sys
2007-08-23 10:07 156,800 --a------ C:\WINDOWS\system32\drivers\d346bus.sys
2007-08-23 10:07 <REP> d-------- C:\Program Files\D-Tools
2007-08-23 09:57 <REP> d-------- C:\Program Files\EA GAMES
2007-08-23 08:48 720,896 --a------ C:\WINDOWS\iun6002.exe
2007-08-20 15:26 <REP> d-------- C:\Program Files\Alcohol Soft
2007-07-31 18:26 <REP> d-------- C:\Program Files\MicroApp
2007-07-31 18:26 <REP> d-------- C:\DOCUME~1\cynthia\APPLIC~1\Hemera
2007-07-30 22:44 <REP> d-------- C:\Program Files\SDLL
2007-07-30 16:00 8,704 --a------ C:\WINDOWS\system32\vidccleaner.exe
2007-07-30 16:00 589,824 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-07-30 16:00 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-07-30 16:00 <REP> d-------- C:\WINDOWS\Cache
2007-07-30 15:58 83,968 --a------ C:\WINDOWS\system32\Skbase40.dll
2007-07-30 15:58 217,088 --a------ C:\WINDOWS\system32\skjpeg40.dll
2007-07-30 15:58 <REP> d-------- C:\Program Files\Samsung
2007-07-30 15:56 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2007-07-27 01:06 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-27 01:06 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-27 01:06 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-27 01:06 144,704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-27 01:06 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-27 01:03 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-27 01:03 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-27 01:03 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-27 01:03 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-27 01:03 740,442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-27 01:03 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-27 01:03 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-27 01:03 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-27 01:03 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-27 01:03 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-27 01:03 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-27 01:03 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-27 01:03 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-23 13:49 --------- d-------- C:\Program Files\IncrediMail
2007-08-23 08:47 --------- d-------- C:\Program Files\JEUX
2007-08-21 14:34 --------- d-------- C:\Program Files\DivX
2007-08-20 15:21 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-31 18:25 --------- d-------- C:\Program Files\Fichiers communs\InstallShield
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 18:18 --------- d-------- C:\DOCUME~1\cynthia\APPLIC~1\Ahead
2007-07-30 12:33 --------- d-------- C:\Program Files\Elaborate Bytes
2007-07-30 12:15 --------- d-------- C:\DOCUME~1\cynthia\APPLIC~1\Skype
2007-07-27 01:06 43528 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-07-27 01:06 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-27 01:06 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-27 01:06 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-04 22:06 15939 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-06-08 22:58 71680 --a------ C:\WINDOWS\g93435578.exe
2007-06-08 22:58 33792 --a------ C:\WINDOWS\system32\wudb.dll
2007-06-07 15:29 81920 --a------ C:\DOCUME~1\cynthia\APPLIC~1\ezpinst.exe
2007-06-07 15:28 47360 --a------ C:\DOCUME~1\cynthia\APPLIC~1\pcouffin.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2002-10-11 18:26]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OutlookMessenger"="C:\Program Files\Outlook Messenger\OutlookMessenger.exe" []
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoSimpleStartMenu"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"=1 (0x1)
"NoTrayItemsDisplay"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoUserNameInStartMenu"=0 (0x0)
"NoStartMenuMorePrograms"=0 (0x0)
"MaxRecentDocs"=15 (0xf)
"NoInstrumentation"=0 (0x0)
"MemCheckBoxInRunDlg"=1 (0x1)
"NoSMBalloonTip"=0 (0x0)
"DisallowCpl"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb]
C:\WINDOWS\system32\wudb.dll 2007-06-08 22:58 33792 C:\WINDOWS\system32\wudb.dll
R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys
S3 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe -service
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 WDM_YAMAHAAC97;YAMAHA AC-XG Audio Device;C:\WINDOWS\system32\drivers\yacxgc.sys
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-26 12:37:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-26 12:38:51
C:\ComboFix-quarantined-files.txt ... 2007-08-26 12:38
C:\ComboFix2.txt ... 2007-08-25 12:44
C:\ComboFix3.txt ... 2007-08-23 20:26
--- E O F ---