TROJAN HORSE
Hello everyone,
I hope I can find some help here, because I have really tried to sort this out on my own, but without success...
I have a laptop running Windows XP... Through a lack of caution on my part, I installed a dubious program that turned out to be nothing other than a virus... It has just been detected by Avast under the names rarndrll2.exe and ttc.dll. Concretely, this shows up as unwanted ad pages or other sites popping up... Wonderful...
I tried restarting in Safe Mode and then running a scan with AVG, without success. I also installed Brute Force Installer on my computer and tried to follow a tutorial I read on a site:
http://www.presence-pc.com/forum/ppc/Logiciels/secours-... 964-1.htm
but without success... I also tried to delete these two files from Safe Mode using the "Search" function, but the computer did not find them...
I have just downloaded HijackThis and I am posting the log, because I believe that is what needs to be done... After this log I am posting the AVG report...
(For those who have the courage to answer me, please talk to me as if I were a four-year-old, because I know absolutely nothing about this area.)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:18, on 02/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\mrofinu1000106.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\runonce.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [Windows32] C:\Arquivos de programas\services.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8B7581F-45BC-462C-8D2B-15CB7C159F03}: NameServer = 213.36.80.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c001EC51.dat
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
--
End of file - 7655 bytes
AVG REPORT:
AVG Anti-Spyware - Scan report
---------------------------------------------------------
+ Created at: 15:41:12 01/11/2007
+ Scan result:
HKLM\SOFTWARE\Classes\WR -> Adware.Generic : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\runner1 -> Adware.Generic : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo -> Adware.Generic : Cleaned.
C:\Documents and Settings\BEGNY\Local Settings\Temporary Internet Files\Content.IE5\IENCLOHL\8154ff2675af1b6e0677560871425153[1].zip/b138.exe -> Downloader.Agent.cbx : Cleaned.
:mozilla.22:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\BEGNY\Cookies\begny@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.26:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\BEGNY\Cookies\begny@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\BEGNY\Cookies\begny@overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.10:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.12:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.13:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.14:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.7:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.8:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\BEGNY\Cookies\begny@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
End of report
Configuration: Windows XP
Firefox 2.0.0.8
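The HijackThis log above is the kind of thing helpers on this forum read by eye: they look for system-binary names in the wrong folder (svchost.exe under \Fonts, services.exe under a Portuguese "Arquivos de programas" folder on a French system), an AppInit_DLLs entry pointing at a .dat file, and a Run entry with a long hex blob as its argument. The following script is an added example, not something posted in this thread or shipped with HijackThis; it parses O4 and O20 lines and applies those same heuristics. The sample lines are copied from the log above (with two benign entries kept for contrast), and the list of "home" directories for system binaries and the thresholds used are my own assumptions, chosen for Windows XP.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: O4/O20 lines copied from the HijackThis log posted above,
# plus two benign entries so the triage has something it should leave alone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [Windows32] C:\Arquivos de programas\services.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c001EC51.dat
"""

# Assumption: on Windows XP these core binaries live only here; the same file name
# anywhere else is a masquerade, which is exactly what the posted log shows.
SYSTEM_BINARY_HOMES = {
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
LOADABLE_EXTENSIONS = ("exe", "dll", "com", "scr", "bat", "cmd", "dat")

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
QUOTED_CMD_RE = re.compile(r'^"(?P<path>[^"]+)"\s*(?P<args>.*)$')
UNQUOTED_CMD_RE = re.compile(
    r"^(?P<path>.*?\.(?:" + "|".join(LOADABLE_EXTENSIONS) + r"))(?:\s+(?P<args>.*))?$", re.I)
HEX_BLOB_RE = re.compile(r"^[0-9A-Fa-f]{32,}$")  # assumption: 32+ hex chars is "opaque"


@dataclass
class Entry:
    kind: str   # "O4" (Run key) or "O20" (AppInit_DLLs)
    name: str   # value name in the Run key, or "AppInit_DLLs"
    path: str   # image path exactly as written in the log
    args: str   # rest of the command line, if any
    raw: str    # original log line


def split_command(cmd: str) -> tuple[str, str]:
    """Separate the image path from its arguments. Unquoted paths containing spaces
    are legal in Run values, so split at the first loadable extension, not at the
    first space."""
    m = QUOTED_CMD_RE.match(cmd) or UNQUOTED_CMD_RE.match(cmd)
    if not m:
        return cmd.strip(), ""
    return m.group("path").strip(), (m.group("args") or "").strip()


def parse_hjt(text: str) -> list[Entry]:
    """Parse the O4 and O20 lines of a HijackThis log; other sections are ignored."""
    entries: list[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if (m := O4_RE.match(line)):
            path, args = split_command(m.group("cmd"))
            entries.append(Entry("O4", m.group("name"), path, args, line))
        elif (m := O20_RE.match(line)):
            for dll in m.group("dlls").split(","):
                entries.append(Entry("O20", "AppInit_DLLs", dll.strip(), "", line))
    return entries


def suspicious(entry: Entry) -> list[str]:
    """Return the reasons an entry deserves a second look (empty list = nothing odd)."""
    reasons: list[str] = []
    directory, _, basename = entry.path.lower().rpartition("\\")
    if entry.kind == "O20":
        # user32.dll loads every AppInit_DLLs entry into every GUI process;
        # legitimate software on a home PC almost never uses it.
        reasons.append("AppInit_DLLs entry: loaded into every process that links user32.dll")
    home = SYSTEM_BINARY_HOMES.get(basename)
    if home and directory != home:
        reasons.append(f"system binary name '{basename}' outside {home}")
    if not directory:
        reasons.append("bare file name: resolved through the PATH search order")
    if not basename.endswith((".exe", ".dll")):
        reasons.append(f"loadable image with non-standard extension '{basename.rpartition('.')[2]}'")
    if directory == r"c:\windows" and re.search(r"\d{4,}", basename):
        reasons.append("digit-heavy file name dropped directly under C:\\WINDOWS")
    if HEX_BLOB_RE.match(entry.args):
        reasons.append("opaque hex blob passed on the command line")
    return reasons


def triage(text: str) -> dict[str, list[str]]:
    """Map each flagged log line to its reasons; clean entries are omitted."""
    flagged: dict[str, list[str]] = {}
    for e in parse_hjt(text):
        if (reasons := suspicious(e)):
            flagged.setdefault(e.raw, []).extend(reasons)
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for r in reasons:
            print("   ->", r)
```

Run against the sample, the script flags exactly the four entries a helper would ask the poster to fix (the two masquerading system binaries, the runner1 entry, and the AppInit_DLLs .dat) and leaves Avast, Java, ctfmon and Messenger alone. The heuristics are deliberately cheap; they are a first pass, not a verdict, and a legitimate OEM tool with a digit-heavy name would also trip them.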
Hello,
Download combofix.exe (by sUBs) to your Desktop.
Double-click combofix.exe.
Press the 1 (Yes) key to start the scan.
When the scan is complete, a report will appear. Copy/paste that report in your next reply.
NOTE: The report is also located here: C:\Combofix.txt
OK, so I have a new problem... A message titled "program name x, y, z.exe - BAD IMAGE" keeps appearing (each time with a different program name); apparently it prevents me from running the program you gave me...
and underneath:
The application or DLL C:\windows\system32\_c001EC51.dat is not a valid Windows image. Please check this against your installation diskette.
ComboFix does not need to be installed.
Properly uninstall Avast! and replace it with AntiVir.
Why switch? Avast! vs AntiVir
Run a full scan, then post the report when the scan finishes.
Apparently it found a virus right from the installation; no matter how many times I click "move to quarantine" or "access deny", it keeps reappearing...
The message that appears is:
c:\windows\system32\_c009ADE2.dat
I just went to rue Montgallet to see what could be done, and the guy is asking me for 60 EUR; he told me the only solution was to reformat... I'll post the scan as soon as it is ready, thanks.
Attached is the AntiVir report; thank you in advance...
AntiVir PersonalEdition Classic
Report file date: 2007-11-03 13:15
Scanning for 1036370 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: BEGNY-GA1A4CHG2
Version information:
BUILD.DAT : 269 15604 Bytes 2007-09-10 14:31:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 2006-05-31 12:32:40
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 2007-07-10 12:32:46
ANTIVIR2.VDF : 6.39.1.43 1542656 Bytes 2007-08-25 17:21:02
ANTIVIR3.VDF : 6.39.1.51 29696 Bytes 2007-08-28 07:22:36
AVEWIN32.DLL : 7.6.0.5 2789888 Bytes 2007-08-29 17:09:10
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 2007-08-03 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 2007-11-03 13:15
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'avnotify.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ATKOSD.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'sm56hlpr.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'HControl.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'Tablet.exe' - '1' Module(s) have been scanned
Scan process 'TabUserW.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'Tablet.exe' - '1' Module(s) have been scanned
Scan process 'StkCSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
53 processes with 53 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '24' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\BEGNY\Local Settings\Temporary Internet Files\Content.IE5\2EDF7FFG\17PHolmes[1].cmt
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '477c6725.qua'!
C:\Documents and Settings\BEGNY\Local Settings\Temporary Internet Files\Content.IE5\5TVFVLU4\mosx1024[1]
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '479f6776.qua'!
C:\Documents and Settings\BEGNY\Local Settings\Temporary Internet Files\Content.IE5\Y2E0NSE5\isearch[1].htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '4791678c.qua'!
C:\qoobox\Quarantine\C\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47a66e4f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\cucpfbcc.dll.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '478f6e63.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\rslxxpph.dll.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47986e62.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\uaqifxbv.dll.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '479d6e50.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c00198CA.dat.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '478f6e4e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\u4\c124wvr.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475e6e21.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\u4\wr31drs.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475f6e62.qua'!
C:\RECYCLER\S-1-5-21-484763869-884357618-725345543-1003\Dc78.zip
[0] Archive type: ZIP
--> __c001EC51.dat
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47636e63.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP19\A0006877.exe
[DETECTION] Is the Trojan horse TR/Agent.RIR.135
[INFO] The file was moved to '475c6e48.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP29\A0008577.dll
[DETECTION] Contains detection pattern of the dropper DR/Agent.141853.A
[INFO] The file was moved to '475c6e89.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP60\A0013533.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475c6f0a.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP61\A0014704.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475c6f0e.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP61\A0014707.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46c12e57.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014854.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '475c6f11.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014861.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '475c6f12.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014863.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '46c12e4b.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014865.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '475c6f14.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014871.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475c6f13.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014872.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46c12e4c.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014930.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46c12e4d.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014931.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475c6f15.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP63\A0014989.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475c6f18.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP64\A0015109.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '475c6f1b.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP64\A0015220.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] The file was moved to '475c6f1e.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP65\A0015446.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '475c6f23.qua'!
C:\WINDOWS\mrofinu1000106.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '479b6f77.qua'!
C:\WINDOWS\mrofinu1000106.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46005930.qua'!
C:\WINDOWS\mrofinu1188.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '479b6f79.qua'!
C:\WINDOWS\mrofinu1188.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '479b6f78.qua'!
C:\WINDOWS\system32\lejygeds.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '479671b9.qua'!
C:\WINDOWS\system32\nkiupqwt.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '479571ca.qua'!
C:\WINDOWS\system32\spudscv.exe
[DETECTION] Is the Trojan horse TR/Spy.Banker.Gen
[INFO] The file was moved to '47a171d9.qua'!
C:\WINDOWS\system32\__c009ADE2.dat
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\b3\rarndrll2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.buy.1
[INFO] The file was moved to '479e72ab.qua'!
C:\WINDOWS\system32\u4\wr31drs.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475f7308.qua'!
End of the scan: 2007-11-03 14:07
Used time: 52:21 min
The scan has been done completely.
6463 Scanning directories
397755 Files were scanned
22 viruses and/or unwanted programs were found
16 Files were classified as suspicious:
0 files were deleted
0 files were repaired
37 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
397733 Files not concerned
6422 Archives were scanned
2 Warnings
50 Notes
Someone helped me a lot this afternoon on another forum; apparently it cleaned up quite a few things... I'm posting you the report, two opinions are better than one.
Thanks in advance
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50:37, on 03/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Documents and Settings\BEGNY\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Skype] ; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8B7581F-45BC-462C-8D2B-15CB7C159F03}: NameServer = 213.36.80.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
--
End of file - 8099 bytes
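As an added example (not part of the original post, and not Avira's own tooling): a small Python script that reads an AntiVir report in the format posted above and sorts the detections by where the file was found, then lists the files the scanner could not move. The grouping of folders is the example's own assumption (C:\qoobox\Quarantine is the folder ComboFix uses for its quarantine, and System Volume Information\_restore holds System Restore snapshots); the embedded input is an excerpt of the report above.

```python
import re
from collections import Counter

# Excerpt of the AntiVir report posted above (a few representative entries).
SAMPLE_REPORT = r"""
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\BEGNY\Local Settings\Temporary Internet Files\Content.IE5\Y2E0NSE5\isearch[1].htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '4791678c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\u4\wr31drs.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475f6e62.qua'!
C:\RECYCLER\S-1-5-21-484763869-884357618-725345543-1003\Dc78.zip
[0] Archive type: ZIP
--> __c001EC51.dat
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47636e63.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014871.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475c6f13.qua'!
C:\WINDOWS\system32\spudscv.exe
[DETECTION] Is the Trojan horse TR/Spy.Banker.Gen
[INFO] The file was moved to '47a171d9.qua'!
C:\WINDOWS\system32\__c009ADE2.dat
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\b3\rarndrll2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.buy.1
[INFO] The file was moved to '479e72ab.qua'!
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
MOVED_RE = re.compile(r"^\[INFO\] The file was moved to '([^']+)'!")
ERROR_RE = re.compile(r"ErrorID: (\d+)")


def classify(path):
    """Where the file sat when it was found (this example's own grouping, not the scanner's)."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "combofix-quarantine"   # C:\qoobox is ComboFix's quarantine: already neutralised
    if "\\system volume information\\_restore" in p:
        return "system-restore"        # snapshot copy; comes back if that restore point is applied
    if "\\temporary internet files\\" in p:
        return "browser-cache"         # what the browser fetched, not what runs at boot
    if "\\recycler\\" in p:
        return "recycle-bin"
    return "live"                      # anywhere else: the components that actually matter


def parse_report(text):
    """One record per [DETECTION] line, with the outcome the scanner logged for it."""
    records, path, member, current = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):             # a new file: reset archive member and pending record
            path, member, current = line, None, None
        elif line.startswith("--> "):       # entry inside an archive (one line per member)
            member = line[4:]
        elif line.startswith("[DETECTION]"):
            current = {"path": path, "member": member, "name": line.split()[-1],
                       "location": classify(path), "outcome": "none-logged", "error": None}
            records.append(current)
        elif current is not None:           # [INFO]/[WARNING] lines belong to the last detection
            moved = MOVED_RE.match(line)
            err = ERROR_RE.search(line)
            if moved:
                current["outcome"] = "quarantined:" + moved.group(1)
            elif "could not be deleted" in line:
                current["outcome"] = "not-removed"
            elif err:
                current["error"] = int(err.group(1))
    return records


def summarize(records):
    """The counts a responder wants first: what is still live, and what resisted removal."""
    return {
        "total": len(records),
        "by_location": Counter(r["location"] for r in records),
        "by_name": Counter(r["name"] for r in records),
        "live": [r["path"] for r in records if r["location"] == "live"],
        "not_removed": [(r["path"], r["error"]) for r in records if r["outcome"] == "not-removed"],
    }


if __name__ == "__main__":
    s = summarize(parse_report(SAMPLE_REPORT))
    print("detections:", s["total"], dict(s["by_location"]))
    for name, n in s["by_name"].most_common():
        print(f"  {n:3d}  {name}")
    print("still live:", *s["live"], sep="\n  ")
    print("not removed:", s["not_removed"])
```

On the excerpt it reports three detections on the live file system and one file, __c009ADE2.dat, that the scanner could not move; that entry is the one to look at first, since everything under qoobox was already taken out of circulation and the System Restore copies only matter if a restore point is rolled back (which is why the usual advice is to turn System Restore off and on again once the machine is clean, so those snapshots are discarded).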
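Also an added example, not from the post and not HijackThis's own analysis: a Python triage pass over a HijackThis log like the one above. It only applies checks that can be read off the lines themselves: an O2 BHO whose DLL is reported as "(no file)", an O4 autorun that gives no path to its program, an O17 NameServer entry, and an O23 service listed with "Unknown owner". The sample input is an excerpt of the log above; the rules and their wording are this example's assumptions about what deserves a second look, not a verdict on any entry.

```python
import re

# Excerpt of the HijackThis log posted above (a few representative lines).
SAMPLE_HJT = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8B7581F-45BC-462C-8D2B-15CB7C159F03}: NameServer = 213.36.80.1
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
"""

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")                       # "O4 - ..." / "R0 - ..."
O4_RE = re.compile(r"^(?P<key>.*?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


def parse_hjt(text):
    """Split a HijackThis log into (section, body) pairs; the process list has no such prefix."""
    out = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def executable_of(cmd):
    """The program part of an O4 command: the quoted path, or else the first token."""
    cmd = cmd.lstrip("; ").strip()      # some entries carry a leading ';' before the command
    if not cmd:
        return ""
    if cmd.startswith('"'):
        return cmd.split('"')[1]
    return cmd.split()[0]


def review(entries):
    """Rules that only look at what the log itself states; each hit carries the offending line."""
    findings = []
    for section, body in entries:
        if section == "O2" and body.endswith("- (no file)"):
            findings.append((section, "BHO registered but its DLL is missing", body))
        elif section == "O4":
            m = O4_RE.match(body)
            if m and "\\" not in executable_of(m.group("cmd")):
                findings.append((section, "autorun gives no path; confirm which file is actually started", body))
        elif section == "O17" and "NameServer" in body:
            findings.append((section, "explicit DNS server; confirm it belongs to the ISP or router", body))
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append((section, "service without a vendor string; check the binary", body))
    return findings


if __name__ == "__main__":
    for section, why, body in review(parse_hjt(SAMPLE_HJT)):
        print(f"{section:4} {why}\n      {body}")
```

The point of keeping the rules this literal is that a HijackThis log lists legitimate and unwanted entries side by side with no scoring of its own; the script narrows the list to the lines a reviewer has to verify by hand rather than deciding anything for them.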
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
--
End of file - 8099 bytes
Attached is the latest ComboFix log... thanks to you
ComboFix 07-11-01.1 - BEGNY 2007-11-04 0:10:28.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1258 [GMT 1:00]
Running from: C:\Downloads\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-03 to 2007-11-03 ))))))))))))))))))))))))))))))))))))
.
2007-11-04 00:10 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-03 23:26 <REP> d-------- C:\Documents and Settings\BEGNY\Application Data\Comodo
2007-11-03 23:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-11-03 23:19 <REP> d-------- C:\Program Files\Comodo
2007-11-03 19:36 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-03 17:38 <REP> d-------- C:\Documents and Settings\BEGNY\Application Data\Grisoft
2007-11-03 17:38 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-03 17:33 <REP> d-------- C:\Program Files\CCleaner
2007-11-03 15:36 <REP> d-------- C:\pca
2007-11-03 15:15 2,742 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-03 15:14 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-03 15:14 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-03 15:14 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-03 15:14 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-03 15:14 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-03 15:08 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-11-03 13:06 <REP> d-------- C:\Program Files\Avira
2007-11-03 13:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-03 10:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-03 10:13 <REP> d-------- C:\Program Files\Panda Security
2007-11-03 10:08 <REP> d---s---- C:\WINDOWS\Downloaded Program Files
2007-11-02 19:10 <REP> d-------- C:\Documents and Settings\BEGNY\Application Data\WTablet
2007-11-02 18:57 <REP> d-------- C:\Program Files\Navilog1
2007-11-02 18:39 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-11-02 18:39 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-11-02 18:39 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-11-02 18:39 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-11-02 18:39 11,440 --a------ C:\WINDOWS\system32\drivers\WacomVKHid.sys
2007-11-02 18:27 <REP> d-------- C:\WINDOWS\system32\WTablet
2007-11-02 18:27 <REP> d-------- C:\Program Files\Tablet
2007-11-02 18:27 1,197,616 --a------ C:\WINDOWS\system32\Tablet.exe
2007-11-02 18:27 124,464 --------- C:\WINDOWS\system32\Wintab32.dll
2007-11-02 18:27 12,848 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
2007-11-02 18:27 11,312 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
2007-11-01 18:17 <REP> d-------- C:\Program Files\Trend Micro
2007-11-01 11:47 <REP> d-------- C:\WINDOWS\system32\bfubackups
2007-10-31 18:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-31 17:21 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-10-31 17:17 <REP> d-------- C:\WINDOWS\system32\Mz18r
2007-10-31 17:17 <REP> d-------- C:\Temp
2007-10-31 16:01 <REP> d-------- C:\Program Files\TimeAdjuster
2007-10-29 16:21 1,156 --a------ C:\WINDOWS\mozver.dat
2007-10-29 16:18 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-25 14:24 <REP> d-------- C:\WINDOWS\Sun
2007-10-25 10:26 53,248 --a------ C:\WINDOWS\bdoscandel.exe
2007-10-12 23:35 <REP> d-------- C:\Program Files\Ripp-it_AM
2007-10-12 22:34 <REP> d-------- C:\Program Files\AviSynth 2.5
2007-10-10 13:59 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-04 14:55 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
2007-10-04 14:53 <REP> d-------- C:\WINDOWS\StartHtmico
2007-10-04 14:52 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-10-04 14:52 140,288 --a------ C:\WINDOWS\system32\CNMLM78.DLL
2007-10-04 14:52 90,112 -ra------ C:\WINDOWS\system32\CNMCP78.exe
2007-10-04 14:52 8,704 --a------ C:\WINDOWS\system32\CNMVS78.DLL
2007-10-04 14:50 <REP> d-------- C:\Program Files\Canon
2007-10-04 14:43 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-04 14:43 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-10-04 14:06 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-10-04 14:04 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-10-04 14:02 <REP> d-------- C:\Program Files\Microsoft.NET
2007-10-04 14:00 <REP> dr-h----- C:\MSOCache
2007-10-04 12:40 <REP> d-------- C:\Downloads
2007-10-04 12:40 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-10-04 12:37 <REP> d-------- C:\Program Files\BitComet
2007-10-03 19:40 <REP> d-------- C:\Program Files\Azureus
2007-10-03 19:40 <REP> d-------- C:\Documents and Settings\BEGNY\Application Data\Azureus
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-03 19:35 22 ----a-w C:\WINDOWS\Fonts\a.zip
2007-11-03 13:58 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\LimeWire
2007-11-02 16:25 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Skype
2007-10-24 13:12 --------- d-----w C:\Program Files\Java
2007-10-17 16:39 --------- d-----w C:\Program Files\Winamp
2007-10-04 16:28 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-10-01 09:32 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-09-28 17:55 --------- d-----w C:\Program Files\CDBurnerXP
2007-09-25 22:06 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\vlc
2007-09-25 10:38 --------- d-----w C:\Program Files\Audacity
2007-09-24 12:47 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Apple Computer
2007-09-24 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-09-24 02:36 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-09-24 01:36 --------- d-----w C:\Program Files\Adssite Advanced Toolbar
2007-09-23 19:41 --------- d-----w C:\Program Files\Google
2007-09-22 11:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-22 10:17 --------- d-----w C:\Program Files\Eltima Software
2007-09-21 21:12 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
2007-09-21 21:11 --------- d-----w C:\Program Files\Macromedia
2007-09-21 21:10 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-09-21 10:00 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Adssite Advanced Toolbar
2007-09-21 09:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-21 01:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-09-21 01:13 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-09-20 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\IsolatedStorage
2007-09-20 21:28 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\MSN6
2007-09-20 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2007-09-20 21:21 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-09-20 21:21 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2007-09-20 21:21 --------- d-----w C:\Program Files\FairUse Wizard
2007-09-20 21:21 --------- d-----w C:\Program Files\Error Safe Free
2007-09-20 21:21 --------- d-----w C:\Program Files\eRightSoft
2007-09-20 21:21 --------- d-----w C:\Program Files\EPSON
2007-09-20 21:20 --------- d-----w C:\Program Files\eMule
2007-09-20 21:18 --------- d-----w C:\Program Files\CyberLink
2007-09-20 21:18 --------- d-----w C:\Program Files\Creative
2007-09-20 21:18 --------- d-----w C:\Program Files\Common~1
2007-09-20 21:18 --------- d-----w C:\Program Files\CoffeeCup Software
2007-09-20 21:18 --------- d-----w C:\Program Files\BSplayer_WhenUSave_Installer
2007-09-20 21:17 --------- d-----w C:\Program Files\Apple Software Update
2007-09-20 21:17 --------- d-----w C:\Program Files\Alwil Software
2007-09-20 21:17 --------- d-----w C:\Program Files\Ahead
2007-09-20 21:07 --------- d-----w C:\Program Files\1&1
2007-09-20 21:06 --------- d-----w C:\Program Files\XviD codec (Neodivx Version)
2007-09-20 21:06 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-20 21:06 --------- d-----w C:\Program Files\Windows Live
2007-09-20 21:05 --------- d-----w C:\Program Files\WinASPI
2007-09-20 21:04 --------- d-----w C:\Program Files\Webteh
2007-09-20 21:04 --------- d-----w C:\Program Files\VSO
2007-09-20 21:04 --------- d-----w C:\Program Files\VOB
2007-09-20 21:04 --------- d-----w C:\Program Files\VISoftware
2007-09-20 21:04 --------- d-----w C:\Program Files\Visicom Media
2007-09-20 21:04 --------- d-----w C:\Program Files\VideoLAN
2007-09-20 21:04 --------- d-----w C:\Program Files\URUSoft
2007-09-20 21:04 --------- d-----w C:\Program Files\Uniblue
2007-09-20 21:04 --------- d-----w C:\Program Files\Ubisoft
2007-09-20 21:04 --------- d-----w C:\Program Files\Thugs at Bay
2007-09-20 21:04 --------- d-----w C:\Program Files\Symantec
2007-09-20 21:04 --------- d-----w C:\Program Files\STK014
2007-09-20 21:04 --------- d-----w C:\Program Files\StarV9
2007-09-20 21:03 --------- d-----w C:\Program Files\Sony Ericsson
2007-09-20 21:03 --------- d-----w C:\Program Files\Skype
2007-09-20 21:03 --------- d-----w C:\Program Files\RADVideo
2007-09-20 21:03 --------- d-----w C:\Program Files\QuickTime Alternative
2007-09-20 21:03 --------- d-----w C:\Program Files\plugins
2007-09-20 21:03 --------- d-----w C:\Program Files\NETGEAR
2007-09-20 20:21 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2007-09-20 20:21 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-09-20 20:20 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Ahead
2007-09-20 20:18 --------- d-----w C:\Program Files\Nero
2007-09-20 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-09-20 20:16 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-09-20 20:16 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-09-20 20:12 --------- d-----w C:\Program Files\Motorola
2007-09-20 20:09 --------- d-----w C:\Program Files\Realtek
2007-09-20 19:51 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-09-20 19:23 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-20 19:21 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-09-20 19:20 --------- d-----w C:\Program Files\Services en ligne
2007-09-20 18:37 --------- d-----w C:\Program Files\MSN Messenger
2007-09-20 18:21 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-09-20 18:03 --------- d-----w C:\Program Files\QuickTime
2007-09-20 18:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-20 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-09-20 16:28 --------- d-----w C:\Program Files\MyXOFT
2007-09-20 16:28 --------- d-----w C:\Program Files\Multimedia Mouse Driver
2007-09-20 16:28 --------- d-----w C:\Program Files\MSXML 4.0
2007-09-20 16:27 --------- d-----w C:\Program Files\MSI
2007-09-20 16:27 --------- d-----w C:\Program Files\Microsoft Games
2007-09-20 16:26 --------- d-----w C:\Program Files\Maïdo Production
2007-09-20 16:25 --------- d-----w C:\Program Files\Lauyan
2007-09-20 16:25 --------- d-----w C:\Program Files\key
2007-09-20 16:25 --------- d-----w C:\Program Files\Jasc Software Inc
2007-09-20 16:24 --------- d-----w C:\Program Files\InterVideo
2007-09-20 16:24 --------- d-----w C:\Program Files\InterActual
2007-09-20 16:24 --------- d-----w C:\Program Files\Infogrames
2007-09-19 20:01 9,715,200 ----a-w C:\WINDOWS\RTLCPL.exe
2007-09-19 20:01 86,016 ----a-w C:\WINDOWS\SoundMan.exe
2007-09-19 20:01 69,632 ----a-w C:\WINDOWS\Alcmtr.exe
2007-09-19 20:01 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 16:37]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 21:01 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-09-19 21:01 C:\WINDOWS\SkyTel.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 20:43]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-26 11:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-03 14:21]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-11-03 23:30]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 22:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-09-10 13:33]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-02-06 12:49]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe
R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\ATK0100\ASNDIS5.SYS
R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
S3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl02_xp.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57df1a99-77eb-11dc-b9f3-0015af38a7f9}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-04 00:15:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-04 0:17:18 - machine was rebooted
.
--- E O F ---