live safety center & online security guide
Hello,
On my XP PC, protected by McAfee Enterprise and AVG Anti-Spyware, I have:
- two icons, live safety center & online security guide, that appear whatever I do
- constant messages telling me that I am infected
- prompts to download antivirus programs
- a yellow triangle in the bottom right corner
- Explorer windows that open even though I use Mozilla
In short.. complicated.
I ran HijackThis but I don't know what to do with it in my situation.
Here is the content of the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:32, on 17/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wmplquxj.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [5c42dfe9] rundll32.exe "C:\WINDOWS\system32\jreltyll.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Urcu] "C:\WINDOWS\CURITY~1\notepad.exe" -vt yazb
O4 - HKCU\..\Run: [Uirocq] C:\WINDOWS\system32\??curity\w?auclt.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: ASUS
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dXNlcg\command.exe (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\kqbtnnve.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Online Services\rteprejyg.html
--
End of file - 6703 bytes
Hello,
You are indeed infected (Vundo, Purity..)
Do these steps in order:
1/ Download VundoFix.exe (by Atribune):
Double-click VundoFix.exe.
Click Scan for Vundo.
When the scan is complete, click the Remove Vundo button.
Then click YES.
After you click "Yes", the Desktop will disappear for a moment while the files are removed.
You will get a message saying that the computer is going to shut down; click OK.
Post the report found at C:\vundofix.txt
2/ Download Combofix (by sUBs) to your Desktop.
Disable all resident protection! (Antivirus, antispyware..)
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post this report in your next reply.
The report is located here: C:\Combofix.txt
3/ Post a new HijackThis report (after renaming HiJackthis.exe to SCANNER.EXE)
Here is the report
ComboFix 07-11-08.1 - Utilisateur 2007-11-17 13:35:04.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1463 [GMT 1:00]
Running from: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Utilisateur\Bureau\internet.lnk
C:\Documents and Settings\Utilisateur\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Utilisateur\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Utilisateur\Favoris\Online Security Guide.lnk
C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Outerinfo
C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
C:\e.exe
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\inetget2\YazzleBundle-1560.exe
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\Online Services\qugatam568.dll
C:\Program Files\Online Services\rteprejyg.html
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\b.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\curity~1
C:\WINDOWS\curity~1\??curity\
C:\WINDOWS\curity~1\notepad.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\b3
C:\WINDOWS\system32\b3\rarndrll2.exe
C:\WINDOWS\system32\che.dll
C:\WINDOWS\system32\curity~1
C:\WINDOWS\system32\curity~1\w?auclt.exe
C:\WINDOWS\system32\e1
C:\WINDOWS\system32\e1\caws83122.exe
C:\WINDOWS\system32\fxqpdxvj.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\u4
C:\WINDOWS\system32\u4\wr31drs.exe
C:\WINDOWS\system32\winsys.exe
C:\WINDOWS\system32\wnsapii32.exe
C:\WINDOWS\tk58.exe
C:\WINDOWS\TTC-4444.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\z.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\DomainService
-------\Network Monitor
((((((((((((((((((((((((((((( Fichiers créés 2007-10-17 to 2007-11-17 ))))))))))))))))))))))))))))))))))))
.
2007-11-17 13:34 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-17 13:27 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-11-17 13:21 <REP> d-------- C:\VundoFix Backups
2007-11-17 11:41 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Grisoft
2007-11-17 11:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-17 11:41 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-17 11:40 <REP> d-------- C:\Program Files\CCleaner
2007-11-17 11:37 <REP> d-------- C:\Program Files\Trend Micro
2007-11-17 01:43 85,056 --a------ C:\WINDOWS\system32\jreltyll.dll
2007-11-17 01:40 81,984 --a------ C:\WINDOWS\system32\cyqnlorp.dll
2007-11-17 01:38 71,232 --a------ C:\WINDOWS\system32\icryfmce.exe
2007-11-17 01:38 36,352 --a------ C:\WINDOWS\system32\ddcyawu.dll
2007-11-16 06:28 36,352 --a------ C:\WINDOWS\system32\ddcdayy.dll
2007-11-16 06:27 <REP> d-------- C:\WINDOWS\system32\rMa18yy
2007-11-16 06:27 <REP> d-------- C:\Temp\abW9
2007-11-15 23:50 260 --a------ C:\3445.bat
2007-11-15 23:50 77 --a------ C:\Documents and Settings\Utilisateur\2937.bat
2007-11-15 23:16 144,480 --a------ C:\WINDOWS\system32\orbvnkhg.dll
2007-11-15 23:07 79,936 --a------ C:\WINDOWS\system32\brxenlnm.dll
2007-11-15 23:05 71,232 --a------ C:\WINDOWS\system32\bychlrgf.exe
2007-11-15 23:05 260 --a------ C:\5164.bat
2007-11-15 23:05 77 --a------ C:\Documents and Settings\Utilisateur\4095.bat
2007-11-15 17:04 58,368 --------- C:\winlogon.exe
2007-11-15 17:04 40,960 --a------ C:\Documents and Settings\Utilisateur\f.exe
2007-11-15 17:04 36,352 --a------ C:\WINDOWS\system32\mljghed.dll
2007-11-15 17:04 36,352 --a------ C:\WINDOWS\system32\cbxvtsr.dll
2007-11-15 17:04 961 --a------ C:\Documents and Settings\Utilisateur\z.dat
2007-11-15 17:04 260 --a------ C:\5841.bat
2007-11-15 17:04 0 --a------ C:\x.dat
2007-11-15 17:04 0 --a------ C:\Documents and Settings\Utilisateur\x.dat
2007-11-15 17:03 77 --a------ C:\Documents and Settings\Utilisateur\3079.bat
2007-11-15 08:53 <REP> d-------- C:\Program Files\iPod
2007-11-05 22:16 786 --a------ C:\3129.bat
2007-11-05 22:16 67 --a------ C:\Documents and Settings\Utilisateur\4357.bat
2007-11-05 18:30 83,008 --a------ C:\WINDOWS\system32\uxxgugph.dll
2007-11-05 18:28 786 --a------ C:\8260.bat
2007-11-05 18:28 67 --a------ C:\Documents and Settings\Utilisateur\7244.bat
2007-11-05 06:37 786 --a------ C:\4261.bat
2007-11-05 06:37 786 --a------ C:\2043.bat
2007-11-05 01:25 786 --a------ C:\1083.bat
2007-11-05 01:25 786 --a------ C:\1044.bat
2007-11-05 01:02 786 --a------ C:\1548.bat
2007-11-05 01:02 786 --a------ C:\1031.bat
2007-11-05 00:55 <REP> d-------- C:\Program Files\RegCleaner
2007-11-05 00:47 786 --a------ C:\9990.bat
2007-11-05 00:46 786 --a------ C:\6578.bat
2007-11-04 21:28 786 --a------ C:\8651.bat
2007-11-04 21:28 786 --a------ C:\6167.bat
2007-11-04 21:23 786 --a------ C:\8496.bat
2007-11-04 21:23 786 --a------ C:\7829.bat
2007-11-04 19:37 786 --a------ C:\6483.bat
2007-11-04 19:37 786 --a------ C:\1246.bat
2007-11-04 18:21 786 --a------ C:\2118.bat
2007-11-04 18:21 786 --a------ C:\2097.bat
2007-11-04 11:13 78,912 --a------ C:\WINDOWS\system32\fploksek.dll
2007-11-04 11:12 786 --a------ C:\6771.bat
2007-11-04 11:11 786 --a------ C:\1504.bat
2007-11-04 08:44 786 --a------ C:\9031.bat
2007-11-04 08:44 786 --a------ C:\8305.bat
2007-11-04 01:25 786 --a------ C:\7619.bat
2007-11-04 01:25 786 --a------ C:\1659.bat
2007-11-04 00:55 786 --a------ C:\8921.bat
2007-11-04 00:54 786 --a------ C:\5069.bat
2007-11-04 00:53 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-03 23:00 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-03 22:57 35,840 --a------ C:\WINDOWS\mrofinu1000106.exe
2007-11-03 22:57 786 --a------ C:\7565.bat
2007-11-03 22:57 120 --a------ C:\n.bat
2007-11-03 22:57 0 --a------ C:\z.dat
2007-11-03 22:56 <REP> d-------- C:\WINDOWS\system32\Mz18r
2007-11-03 22:56 <REP> d--hs---- C:\WINDOWS\dXNlcg
2007-11-03 22:56 <REP> d-------- C:\Temp\mZOr
2007-11-03 22:56 <REP> d-------- C:\Temp
2007-11-03 22:56 32,768 --a------ C:\Documents and Settings\Utilisateur\pdf.exe
2007-11-03 22:56 786 --a------ C:\4311.bat
2007-11-03 22:55 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-03 13:09 <REP> d--h----- C:\WINDOWS\PIF
2007-11-03 13:01 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\DivX
2007-11-03 09:15 <REP> d-------- C:\Documents and Settings\Utilisateur\Shared
2007-11-03 09:15 <REP> d-------- C:\Documents and Settings\Utilisateur\Incomplete
2007-11-03 09:15 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\LimeWire
2007-11-03 09:02 <REP> d-------- C:\Program Files\LimeWire
2007-11-03 08:44 <REP> d-------- C:\Program Files\eMule
2007-11-02 19:02 <REP> d-------- C:\Program Files\DivX
2007-11-01 11:19 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\OpenOffice.org2
2007-11-01 09:52 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2007-10-30 18:57 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-30 18:53 <REP> d-------- C:\Program Files\MSXML 4.0
2007-10-30 13:04 20,640 --a------ C:\Documents and Settings\Utilisateur\Application Data\GDIPFONTCACHEV1.DAT
2007-10-30 00:06 <REP> d-------- C:\Program Files\Skype
2007-10-30 00:06 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-10-30 00:06 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Skype
2007-10-30 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-28 23:27 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Leadertech
2007-10-28 23:19 <REP> d-------- C:\Program Files\Fichiers communs\DataViz
2007-10-28 23:19 <REP> d-------- C:\Program Files\Documents To Go
2007-10-28 23:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DataViz
2007-10-28 23:18 <REP> d-------- C:\Program Files\Palm
2007-10-28 23:18 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\HotSync
2007-10-28 23:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HotSync
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-28 22:18 16,694 ----a-w C:\WINDOWS\system32\drivers\PalmUSBD.sys
2007-10-27 10:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-26 22:28 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-10-20 00:56 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-10-20 00:56 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-10-19 16:14 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-10-19 16:14 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-10-19 14:58 --------- d-----w C:\Program Files\Realtek
2007-10-19 14:57 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-10-19 14:56 --------- d-----w C:\Program Files\Intel
2007-10-19 14:46 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-19 14:45 --------- d-----w C:\Program Files\Services en ligne
2007-10-19 14:45 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-10-01 11:15 839,686 ----a-w C:\WINDOWS\Fonts\Crack.exe
2007-10-01 11:15 839,685 --sh--w C:\WINDOWS\Fonts\svchost.exe
2005-07-29 15:24:26 472 --sha-r C:\WINDOWS\dXNlcg\xrh5w0.vbs
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B90DD23-430A-47A1-B4F9-7953128EC7B9}]
C:\WINDOWS\system32\ddabb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73F56494-FAD7-4735-81A2-9079489B3E9A}]
2007-08-02 14:43 282624 --a------ C:\Program Files\ComPlus Applications\metob83122.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b6ded458-7a9a-4f15-ba2b-a23b24c5764c}]
2007-11-17 01:40 81984 --a------ C:\WINDOWS\system32\cyqnlorp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB4EBF36-3917-4EA1-9989-F4E2889AC05A}]
C:\Program Files\Online Services\qugatam.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 15:36]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 17:23]
"RemoteControl"="C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2007-02-12 18:16]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 17:43]
"nwiz"="nwiz.exe" [2007-06-28 17:43 C:\WINDOWS\system32\nwiz.exe]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-04-29 04:36]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 17:43]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 15:49 C:\WINDOWS\RTHDCPL.exe]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2007-02-09 15:34]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50]
"Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe" [2003-10-07 08:48]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-10-01 12:15]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"5c42dfe9"="C:\WINDOWS\system32\jreltyll.dll" [2007-11-17 01:43]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-26 23:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-08-02 13:00]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44]
"Urcu"="C:\WINDOWS\CURITY~1\notepad.exe" []
"Uirocq"="C:\WINDOWS\system32\??curity\w?auclt.exe" []
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PLCMPR5.SYS
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PLCNDIS5.SYS
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-01 20:03:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 13:40:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-11-17 13:42:33 - machine was rebooted
.
--- E O F ---
And now, a good antivirus, if you think the problem is solved.. because the icons have disappeared and I no longer get unwanted messages.. for now.. thanks
There is still a lot left.
We'll install one at the end.
Copy the text in the box below:
File::
C:\WINDOWS\system32\VundoFixSVC.exe
C:\WINDOWS\system32\jreltyll.dll
C:\WINDOWS\system32\cyqnlorp.dll
C:\WINDOWS\system32\icryfmce.exe
C:\WINDOWS\system32\ddcyawu.dll
C:\WINDOWS\system32\ddcdayy.dll
C:\3445.bat
C:\Documents and Settings\Utilisateur\2937.bat
C:\WINDOWS\system32\orbvnkhg.dll
C:\WINDOWS\system32\brxenlnm.dll
C:\WINDOWS\system32\bychlrgf.exe
C:\5164.bat
C:\Documents and Settings\Utilisateur\4095.bat
C:\winlogon.exe
C:\Documents and Settings\Utilisateur\f.exe
C:\WINDOWS\system32\mljghed.dll
C:\WINDOWS\system32\cbxvtsr.dll
C:\Documents and Settings\Utilisateur\z.dat
C:\5841.bat
C:\x.dat
C:\Documents and Settings\Utilisateur\x.dat
C:\Documents and Settings\Utilisateur\3079.bat
C:\3129.bat
C:\Documents and Settings\Utilisateur\4357.bat
C:\WINDOWS\system32\uxxgugph.dll
C:\8260.bat
C:\Documents and Settings\Utilisateur\7244.bat
C:\4261.bat
C:\2043.bat
C:\1083.bat
C:\1044.bat
C:\1548.bat
C:\1031.bat
C:\9990.bat
C:\6578.bat
C:\8651.bat
C:\6167.bat
C:\8496.bat
C:\7829.bat
C:\6483.bat
C:\1246.bat
C:\2118.bat
C:\2097.bat
C:\WINDOWS\system32\fploksek.dll
C:\6771.bat
C:\1504.bat
C:\9031.bat
C:\8305.bat
C:\7619.bat
C:\1659.bat
C:\8921.bat
C:\5069.bat
C:\WINDOWS\system32\d3d9caps.dat
C:\7565.bat
C:\n.bat
C:\z.dat
C:\4311.bat
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\ddabb.dll
C:\WINDOWS\system32\cyqnlorp.dll
C:\WINDOWS\system32\winsys2.exe
C:\WINDOWS\system32\jreltyll.dll
Folder::
C:\VundoFix Backups
C:\WINDOWS\system32\rMa18yy
C:\Temp\abW9
C:\WINDOWS\system32\Mz18r
C:\WINDOWS\dXNlcg
C:\Temp\mZOr
C:\Program Files\ComPlus Applications
C:\Program Files\Online Services
C:\WINDOWS\CURITY~1
C:\WINDOWS\system32\security
C:\Program Files\WinAble
C:\Program Files\Insider
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B90DD23-430A-47A1-B4F9-7953128EC7B9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73F56494-FAD7-4735-81A2-9079489B3E9A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b6ded458-7a9a-4f15-ba2b-a23b24c5764c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB4EBF36-3917-4EA1-9989-F4E2889AC05A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"=-
"Host Process"=-
"5c42dfe9"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Urcu"=-
"Uirocq"=-
Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:

This will relaunch Combofix; type 1 and confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
If there is no restart, post the reports anyway.
++++++++++++
Download SDFix (by Andy Manchesta)
Save it to your desktop.
Run it.
Choose Install so that it can extract itself.
Restart in safe mode
/!\ Never start safe mode via MSCONFIG /!\
Run SDFix.
Double-click RunThis.bat.
Press Y to start it.
You will be asked to press a key to restart; do so.
The restart will probably take a little longer than usual.
Once your desktop appears, it will display Finished
Press a key.
A report is generated; post it in your reply.
It can also be found in the SDFix folder: >Report.txt<
+++++++++++
Download Purity.zip
Unzip it to the desktop.
Restart in safe mode
/!\ Never start safe mode via MSCONFIG /!\
Double-click the Purity folder. Run Purity.bat.
Notepad will open. Post the report here.
The report is in the Purity folder: >Purity.txt<
++++++++
Post all the reports along with a new HijackThis
Combofix report:
ComboFix 07-11-08.1 - Utilisateur 2007-11-17 15:28:18.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1375 [GMT 1:00]
Running from: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Utilisateur\Bureau\CFScript.txt
* Created a new restore point
FILE
C:\1031.bat
C:\1044.bat
C:\1083.bat
C:\1246.bat
C:\1504.bat
C:\1548.bat
C:\1659.bat
C:\2043.bat
C:\2097.bat
C:\2118.bat
C:\3129.bat
C:\3445.bat
C:\4261.bat
C:\4311.bat
C:\5069.bat
C:\5164.bat
C:\5841.bat
C:\6167.bat
C:\6483.bat
C:\6578.bat
C:\6771.bat
C:\7565.bat
C:\7619.bat
C:\7829.bat
C:\8260.bat
C:\8305.bat
C:\8496.bat
C:\8651.bat
C:\8921.bat
C:\9031.bat
C:\9990.bat
C:\Documents and Settings\Utilisateur\2937.bat
C:\Documents and Settings\Utilisateur\3079.bat
C:\Documents and Settings\Utilisateur\4095.bat
C:\Documents and Settings\Utilisateur\4357.bat
C:\Documents and Settings\Utilisateur\7244.bat
C:\Documents and Settings\Utilisateur\f.exe
C:\Documents and Settings\Utilisateur\x.dat
C:\Documents and Settings\Utilisateur\z.dat
C:\n.bat
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\brxenlnm.dll
C:\WINDOWS\system32\bychlrgf.exe
C:\WINDOWS\system32\cbxvtsr.dll
C:\WINDOWS\system32\cyqnlorp.dll
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\ddabb.dll
C:\WINDOWS\system32\ddcdayy.dll
C:\WINDOWS\system32\ddcyawu.dll
C:\WINDOWS\system32\fploksek.dll
C:\WINDOWS\system32\icryfmce.exe
C:\WINDOWS\system32\jreltyll.dll
C:\WINDOWS\system32\mljghed.dll
C:\WINDOWS\system32\orbvnkhg.dll
C:\WINDOWS\system32\uxxgugph.dll
C:\WINDOWS\system32\VundoFixSVC.exe
C:\WINDOWS\system32\winsys2.exe
C:\winlogon.exe
C:\x.dat
C:\z.dat
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\1031.bat
C:\1044.bat
C:\1083.bat
C:\1246.bat
C:\1504.bat
C:\1548.bat
C:\1659.bat
C:\2043.bat
C:\2097.bat
C:\2118.bat
C:\3129.bat
C:\3445.bat
C:\4261.bat
C:\4311.bat
C:\5069.bat
C:\5164.bat
C:\5841.bat
C:\6167.bat
C:\6483.bat
C:\6578.bat
C:\6771.bat
C:\7565.bat
C:\7619.bat
C:\7829.bat
C:\8260.bat
C:\8305.bat
C:\8496.bat
C:\8651.bat
C:\8921.bat
C:\9031.bat
C:\9990.bat
C:\Documents and Settings\Utilisateur\2937.bat
C:\Documents and Settings\Utilisateur\3079.bat
C:\Documents and Settings\Utilisateur\4095.bat
C:\Documents and Settings\Utilisateur\4357.bat
C:\Documents and Settings\Utilisateur\7244.bat
C:\Documents and Settings\Utilisateur\f.exe
C:\Documents and Settings\Utilisateur\x.dat
C:\Documents and Settings\Utilisateur\z.dat
C:\n.bat
C:\Program Files\ComPlus Applications
C:\Program Files\ComPlus Applications\metob4444.dll
C:\Program Files\ComPlus Applications\metob83122.dll
C:\Program Files\Online Services
C:\Program Files\Online Services\qugatam
C:\Program Files\Online Services\Utilisez MSN Explorer pour vous abonnez et avoir accès à Internet (US seulement).lnk
C:\Temp\abW9
C:\Temp\abW9\tPho.log
C:\Temp\mZOr
C:\Temp\mZOr\tOasF.log
C:\VundoFix Backups
C:\VundoFix Backups\bbadd.bak1.bad
C:\VundoFix Backups\bbadd.bak2.bad
C:\VundoFix Backups\bbadd.ini.bad
C:\VundoFix Backups\ddabb.dll.bad
C:\VundoFix Backups\pmnkkij.dll.bad
C:\VundoFix Backups\tuvurst.dll.bad
C:\VundoFix Backups\urqoppm.dll.bad
C:\VundoFix Backups\wmplquxj.dll.bad
C:\VundoFix Backups\wmplquxj.dllbox.bad
C:\WINDOWS\dXNlcg
C:\WINDOWS\dXNlcg\xrh5w0.vbs
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\brxenlnm.dll
C:\WINDOWS\system32\bychlrgf.exe
C:\WINDOWS\system32\cbxvtsr.dll
C:\WINDOWS\system32\cyqnlorp.dll
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\ddayy.dll
C:\WINDOWS\system32\ddcdayy.dll
C:\WINDOWS\system32\ddcyawu.dll
C:\WINDOWS\system32\fploksek.dll
C:\WINDOWS\system32\icryfmce.exe
C:\WINDOWS\system32\jreltyll.dll
C:\WINDOWS\system32\mljghed.dll
C:\WINDOWS\system32\Mz18r
C:\WINDOWS\system32\Mz18r\Mz18r2328.exe
C:\WINDOWS\system32\orbvnkhg.dll
C:\WINDOWS\system32\rMa18yy
C:\WINDOWS\system32\rMa18yy\rMa18yy2328.exe
C:\WINDOWS\system32\uxxgugph.dll
C:\WINDOWS\system32\VundoFixSVC.exe
C:\WINDOWS\system32\winsys2.exe
C:\WINDOWS\system32\yyadd.bak1
C:\WINDOWS\system32\yyadd.ini
C:\winlogon.exe
C:\x.dat
C:\z.dat
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-17 to 2007-11-17 ))))))))))))))))))))))))))))))))))))
.
2007-11-17 13:43 36,352 --a------ C:\WINDOWS\system32\urqqnlk.dll
2007-11-17 13:34 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-17 11:41 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Grisoft
2007-11-17 11:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-17 11:41 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-17 11:40 <REP> d-------- C:\Program Files\CCleaner
2007-11-17 11:37 <REP> d-------- C:\Program Files\Trend Micro
2007-11-15 08:53 <REP> d-------- C:\Program Files\iPod
2007-11-05 00:55 <REP> d-------- C:\Program Files\RegCleaner
2007-11-03 23:00 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-03 22:57 35,840 --a------ C:\WINDOWS\mrofinu1000106.exe
2007-11-03 22:56 <REP> d-------- C:\Temp
2007-11-03 22:56 32,768 --a------ C:\Documents and Settings\Utilisateur\pdf.exe
2007-11-03 22:55 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-03 13:09 <REP> d--h----- C:\WINDOWS\PIF
2007-11-03 13:01 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\DivX
2007-11-03 09:15 <REP> d-------- C:\Documents and Settings\Utilisateur\Shared
2007-11-03 09:15 <REP> d-------- C:\Documents and Settings\Utilisateur\Incomplete
2007-11-03 09:15 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\LimeWire
2007-11-03 09:02 <REP> d-------- C:\Program Files\LimeWire
2007-11-03 08:44 <REP> d-------- C:\Program Files\eMule
2007-11-02 19:02 <REP> d-------- C:\Program Files\DivX
2007-11-01 11:19 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\OpenOffice.org2
2007-11-01 09:52 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2007-10-30 18:57 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-30 18:53 <REP> d-------- C:\Program Files\MSXML 4.0
2007-10-30 13:04 20,640 --a------ C:\Documents and Settings\Utilisateur\Application Data\GDIPFONTCACHEV1.DAT
2007-10-30 00:06 <REP> d-------- C:\Program Files\Skype
2007-10-30 00:06 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-10-30 00:06 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Skype
2007-10-30 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-28 23:27 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Leadertech
2007-10-28 23:19 <REP> d-------- C:\Program Files\Fichiers communs\DataViz
2007-10-28 23:19 <REP> d-------- C:\Program Files\Documents To Go
2007-10-28 23:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DataViz
2007-10-28 23:18 <REP> d-------- C:\Program Files\Palm
2007-10-28 23:18 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\HotSync
2007-10-28 23:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HotSync
2007-10-28 23:18 53,248 --a------ C:\WINDOWS\PalmDevC.dll
2007-10-27 20:31 <REP> d-------- C:\Documents and Settings\Utilisateur\Contacts
2007-10-27 20:30 <REP> d-------- C:\Program Files\MSN Messenger
2007-10-27 19:54 <REP> d-------- C:\Program Files\CopyPod
2007-10-27 19:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CopyPod
2007-10-27 19:46 <REP> d-------- C:\Program Files\WindSolutions
2007-10-27 19:46 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\CopyTransControlCenter
2007-10-27 19:46 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\CopyTrans
2007-10-27 19:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CopyTransControlCenter
2007-10-27 12:18 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-10-27 12:18 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-10-27 12:18 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-10-27 12:18 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-10-27 11:28 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-10-27 11:27 <REP> d-------- C:\Program Files\Logitech
2007-10-27 10:22 <REP> d-------- C:\Program Files\PowerPacket
2007-10-27 09:11 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Thunderbird
2007-10-27 01:04 <REP> d-------- C:\quarantine
2007-10-27 00:52 <REP> d-------- C:\Program Files\SEC
2007-10-27 00:28 <REP> d-------- C:\Program Files\Soulseek
2007-10-27 00:26 <REP> d-------- C:\Program Files\Network Associates
2007-10-27 00:26 <REP> d-------- C:\Program Files\Fichiers communs\Network Associates
2007-10-27 00:26 <REP> d-------- C:\Program Files\Fichiers communs\Cisco Systems
2007-10-27 00:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
2007-10-27 00:26 108,256 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-10-27 00:26 58,048 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
2007-10-27 00:23 <REP> d-------- C:\WINDOWS\ShellNew
2007-10-27 00:21 <REP> d-------- C:\WINDOWS\Sun
2007-10-27 00:21 <REP> d-------- C:\Program Files\Java
2007-10-27 00:20 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-10-27 00:19 1,536 --a------ C:\WINDOWS\mozver.dat
2007-10-27 00:18 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Talkback
2007-10-27 00:18 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-26 23:41 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\CyberLink
2007-10-26 23:39 <REP> d-------- C:\Program Files\QuickTime
2007-10-26 23:39 <REP> d-------- C:\Program Files\iTunes
2007-10-26 23:39 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Apple Computer
2007-10-26 23:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-26 23:38 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-10-26 23:38 <REP> d-------- C:\Program Files\Apple Software Update
2007-10-26 23:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-10-26 23:38 30,336 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-10-26 23:34 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2007-10-26 23:24 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-10-26 23:24 <REP> d-------- C:\Program Files\Google
2007-10-26 23:21 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\AdobeUM
2007-10-23 11:18 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2007-10-23 11:18 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-10-23 11:17 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-10-23 11:17 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2007-10-20 09:01 <REP> d-------- C:\Program Files\Western Digital Technologies
2007-10-20 09:01 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-20 01:56 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 01:56 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-10-20 01:56 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-10-20 01:56 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-10-20 01:54 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-10-20 01:54 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-10-20 01:54 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-10-20 01:54 739,840 --a------ C:\WINDOWS\system32\DivX.dll
2007-10-20 01:54 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-10-20 01:54 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-28 22:18 16,694 ----a-w C:\WINDOWS\system32\drivers\PalmUSBD.sys
2007-10-27 10:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-26 22:28 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-10-20 00:56 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-10-20 00:56 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-10-20 00:56 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-10-20 00:56 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-10-20 00:56 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-10-19 16:14 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-10-19 16:14 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-10-19 14:58 --------- d-----w C:\Program Files\Realtek
2007-10-19 14:57 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-10-19 14:56 --------- d-----w C:\Program Files\Intel
2007-10-19 14:46 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-19 14:45 --------- d-----w C:\Program Files\Services en ligne
2007-10-19 14:45 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
2007-11-17 13:43 36352 --a------ C:\WINDOWS\system32\urqqnlk.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 15:36]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 17:23]
"RemoteControl"="C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2007-02-12 18:16]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 17:43]
"nwiz"="nwiz.exe" [2007-06-28 17:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 17:43]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 15:49 C:\WINDOWS\RTHDCPL.exe]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2007-02-09 15:34]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50]
"Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe" [2003-10-07 08:48]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"5c42dfe9"="C:\WINDOWS\system32\jreltyll.dll" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-26 23:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-08-02 13:00]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44]
"Urcu"="C:\WINDOWS\CURITY~1\notepad.exe" []
"Uirocq"="C:\WINDOWS\system32\??curity\w?auclt.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\urqqnlk.dll [2007-11-17 13:43 36352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqnlk]
urqqnlk.dll 2007-11-17 13:43 36352 C:\WINDOWS\system32\urqqnlk.dll
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PLCMPR5.SYS
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PLCNDIS5.SYS
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-01 20:03:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 15:33:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-17 15:36:14 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-17 13:42
.
--- E O F ---
HiJackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:37:48, on 17/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\urqqnlk.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [5c42dfe9] rundll32.exe "C:\WINDOWS\system32\jreltyll.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Urcu] "C:\WINDOWS\CURITY~1\notepad.exe" -vt yazb
O4 - HKCU\..\Run: [Uirocq] C:\WINDOWS\system32\??curity\w?auclt.exe
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: ASUS
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: urqqnlk - C:\WINDOWS\SYSTEM32\urqqnlk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 8284 bytes
I'm doing the SDFIX step now
ComboFix 07-11-08.1 - Utilisateur 2007-11-17 15:28:18.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1375 [GMT 1:00]
Running from: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Utilisateur\Bureau\CFScript.txt
* Created a new restore point
FILE
C:\1031.bat
C:\1044.bat
C:\1083.bat
C:\1246.bat
C:\1504.bat
C:\1548.bat
C:\1659.bat
C:\2043.bat
C:\2097.bat
C:\2118.bat
C:\3129.bat
C:\3445.bat
C:\4261.bat
C:\4311.bat
C:\5069.bat
C:\5164.bat
C:\5841.bat
C:\6167.bat
C:\6483.bat
C:\6578.bat
C:\6771.bat
C:\7565.bat
C:\7619.bat
C:\7829.bat
C:\8260.bat
C:\8305.bat
C:\8496.bat
C:\8651.bat
C:\8921.bat
C:\9031.bat
C:\9990.bat
C:\Documents and Settings\Utilisateur\2937.bat
C:\Documents and Settings\Utilisateur\3079.bat
C:\Documents and Settings\Utilisateur\4095.bat
C:\Documents and Settings\Utilisateur\4357.bat
C:\Documents and Settings\Utilisateur\7244.bat
C:\Documents and Settings\Utilisateur\f.exe
C:\Documents and Settings\Utilisateur\x.dat
C:\Documents and Settings\Utilisateur\z.dat
C:\n.bat
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\brxenlnm.dll
C:\WINDOWS\system32\bychlrgf.exe
C:\WINDOWS\system32\cbxvtsr.dll
C:\WINDOWS\system32\cyqnlorp.dll
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\ddabb.dll
C:\WINDOWS\system32\ddcdayy.dll
C:\WINDOWS\system32\ddcyawu.dll
C:\WINDOWS\system32\fploksek.dll
C:\WINDOWS\system32\icryfmce.exe
C:\WINDOWS\system32\jreltyll.dll
C:\WINDOWS\system32\mljghed.dll
C:\WINDOWS\system32\orbvnkhg.dll
C:\WINDOWS\system32\uxxgugph.dll
C:\WINDOWS\system32\VundoFixSVC.exe
C:\WINDOWS\system32\winsys2.exe
C:\winlogon.exe
C:\x.dat
C:\z.dat
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\1031.bat
C:\1044.bat
C:\1083.bat
C:\1246.bat
C:\1504.bat
C:\1548.bat
C:\1659.bat
C:\2043.bat
C:\2097.bat
C:\2118.bat
C:\3129.bat
C:\3445.bat
C:\4261.bat
C:\4311.bat
C:\5069.bat
C:\5164.bat
C:\5841.bat
C:\6167.bat
C:\6483.bat
C:\6578.bat
C:\6771.bat
C:\7565.bat
C:\7619.bat
C:\7829.bat
C:\8260.bat
C:\8305.bat
C:\8496.bat
C:\8651.bat
C:\8921.bat
C:\9031.bat
C:\9990.bat
C:\Documents and Settings\Utilisateur\2937.bat
C:\Documents and Settings\Utilisateur\3079.bat
C:\Documents and Settings\Utilisateur\4095.bat
C:\Documents and Settings\Utilisateur\4357.bat
C:\Documents and Settings\Utilisateur\7244.bat
C:\Documents and Settings\Utilisateur\f.exe
C:\Documents and Settings\Utilisateur\x.dat
C:\Documents and Settings\Utilisateur\z.dat
C:\n.bat
C:\Program Files\ComPlus Applications
C:\Program Files\ComPlus Applications\metob4444.dll
C:\Program Files\ComPlus Applications\metob83122.dll
C:\Program Files\Online Services
C:\Program Files\Online Services\qugatam
C:\Program Files\Online Services\Utilisez MSN Explorer pour vous abonnez et avoir accès à Internet (US seulement).lnk
C:\Temp\abW9
C:\Temp\abW9\tPho.log
C:\Temp\mZOr
C:\Temp\mZOr\tOasF.log
C:\VundoFix Backups
C:\VundoFix Backups\bbadd.bak1.bad
C:\VundoFix Backups\bbadd.bak2.bad
C:\VundoFix Backups\bbadd.ini.bad
C:\VundoFix Backups\ddabb.dll.bad
C:\VundoFix Backups\pmnkkij.dll.bad
C:\VundoFix Backups\tuvurst.dll.bad
C:\VundoFix Backups\urqoppm.dll.bad
C:\VundoFix Backups\wmplquxj.dll.bad
C:\VundoFix Backups\wmplquxj.dllbox.bad
C:\WINDOWS\dXNlcg
C:\WINDOWS\dXNlcg\xrh5w0.vbs
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\brxenlnm.dll
C:\WINDOWS\system32\bychlrgf.exe
C:\WINDOWS\system32\cbxvtsr.dll
C:\WINDOWS\system32\cyqnlorp.dll
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\ddayy.dll
C:\WINDOWS\system32\ddcdayy.dll
C:\WINDOWS\system32\ddcyawu.dll
C:\WINDOWS\system32\fploksek.dll
C:\WINDOWS\system32\icryfmce.exe
C:\WINDOWS\system32\jreltyll.dll
C:\WINDOWS\system32\mljghed.dll
C:\WINDOWS\system32\Mz18r
C:\WINDOWS\system32\Mz18r\Mz18r2328.exe
C:\WINDOWS\system32\orbvnkhg.dll
C:\WINDOWS\system32\rMa18yy
C:\WINDOWS\system32\rMa18yy\rMa18yy2328.exe
C:\WINDOWS\system32\uxxgugph.dll
C:\WINDOWS\system32\VundoFixSVC.exe
C:\WINDOWS\system32\winsys2.exe
C:\WINDOWS\system32\yyadd.bak1
C:\WINDOWS\system32\yyadd.ini
C:\winlogon.exe
C:\x.dat
C:\z.dat
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-17 to 2007-11-17 ))))))))))))))))))))))))))))))))))))
.
2007-11-17 13:43 36,352 --a------ C:\WINDOWS\system32\urqqnlk.dll
2007-11-17 13:34 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-17 11:41 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Grisoft
2007-11-17 11:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-17 11:41 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-17 11:40 <REP> d-------- C:\Program Files\CCleaner
2007-11-17 11:37 <REP> d-------- C:\Program Files\Trend Micro
2007-11-15 08:53 <REP> d-------- C:\Program Files\iPod
2007-11-05 00:55 <REP> d-------- C:\Program Files\RegCleaner
2007-11-03 23:00 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-03 22:57 35,840 --a------ C:\WINDOWS\mrofinu1000106.exe
2007-11-03 22:56 <REP> d-------- C:\Temp
2007-11-03 22:56 32,768 --a------ C:\Documents and Settings\Utilisateur\pdf.exe
2007-11-03 22:55 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-03 13:09 <REP> d--h----- C:\WINDOWS\PIF
2007-11-03 13:01 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\DivX
2007-11-03 09:15 <REP> d-------- C:\Documents and Settings\Utilisateur\Shared
2007-11-03 09:15 <REP> d-------- C:\Documents and Settings\Utilisateur\Incomplete
2007-11-03 09:15 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\LimeWire
2007-11-03 09:02 <REP> d-------- C:\Program Files\LimeWire
2007-11-03 08:44 <REP> d-------- C:\Program Files\eMule
2007-11-02 19:02 <REP> d-------- C:\Program Files\DivX
2007-11-01 11:19 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\OpenOffice.org2
2007-11-01 09:52 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2007-10-30 18:57 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-30 18:53 <REP> d-------- C:\Program Files\MSXML 4.0
2007-10-30 13:04 20,640 --a------ C:\Documents and Settings\Utilisateur\Application Data\GDIPFONTCACHEV1.DAT
2007-10-30 00:06 <REP> d-------- C:\Program Files\Skype
2007-10-30 00:06 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-10-30 00:06 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Skype
2007-10-30 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-28 23:27 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Leadertech
2007-10-28 23:19 <REP> d-------- C:\Program Files\Fichiers communs\DataViz
2007-10-28 23:19 <REP> d-------- C:\Program Files\Documents To Go
2007-10-28 23:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DataViz
2007-10-28 23:18 <REP> d-------- C:\Program Files\Palm
2007-10-28 23:18 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\HotSync
2007-10-28 23:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HotSync
2007-10-28 23:18 53,248 --a------ C:\WINDOWS\PalmDevC.dll
2007-10-27 20:31 <REP> d-------- C:\Documents and Settings\Utilisateur\Contacts
2007-10-27 20:30 <REP> d-------- C:\Program Files\MSN Messenger
2007-10-27 19:54 <REP> d-------- C:\Program Files\CopyPod
2007-10-27 19:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CopyPod
2007-10-27 19:46 <REP> d-------- C:\Program Files\WindSolutions
2007-10-27 19:46 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\CopyTransControlCenter
2007-10-27 19:46 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\CopyTrans
2007-10-27 19:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CopyTransControlCenter
2007-10-27 12:18 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-10-27 12:18 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-10-27 12:18 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-10-27 12:18 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-10-27 11:28 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-10-27 11:27 <REP> d-------- C:\Program Files\Logitech
2007-10-27 10:22 <REP> d-------- C:\Program Files\PowerPacket
2007-10-27 09:11 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Thunderbird
2007-10-27 01:04 <REP> d-------- C:\quarantine
2007-10-27 00:52 <REP> d-------- C:\Program Files\SEC
2007-10-27 00:28 <REP> d-------- C:\Program Files\Soulseek
2007-10-27 00:26 <REP> d-------- C:\Program Files\Network Associates
2007-10-27 00:26 <REP> d-------- C:\Program Files\Fichiers communs\Network Associates
2007-10-27 00:26 <REP> d-------- C:\Program Files\Fichiers communs\Cisco Systems
2007-10-27 00:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
2007-10-27 00:26 108,256 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-10-27 00:26 58,048 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
2007-10-27 00:23 <REP> d-------- C:\WINDOWS\ShellNew
2007-10-27 00:21 <REP> d-------- C:\WINDOWS\Sun
2007-10-27 00:21 <REP> d-------- C:\Program Files\Java
2007-10-27 00:20 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-10-27 00:19 1,536 --a------ C:\WINDOWS\mozver.dat
2007-10-27 00:18 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Talkback
2007-10-27 00:18 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-26 23:41 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\CyberLink
2007-10-26 23:39 <REP> d-------- C:\Program Files\QuickTime
2007-10-26 23:39 <REP> d-------- C:\Program Files\iTunes
2007-10-26 23:39 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Apple Computer
2007-10-26 23:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-26 23:38 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-10-26 23:38 <REP> d-------- C:\Program Files\Apple Software Update
2007-10-26 23:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-10-26 23:38 30,336 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-10-26 23:34 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2007-10-26 23:24 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-10-26 23:24 <REP> d-------- C:\Program Files\Google
2007-10-26 23:21 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\AdobeUM
2007-10-23 11:18 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2007-10-23 11:18 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-10-23 11:17 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-10-23 11:17 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2007-10-20 09:01 <REP> d-------- C:\Program Files\Western Digital Technologies
2007-10-20 09:01 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-20 01:56 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 01:56 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-10-20 01:56 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-10-20 01:56 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-10-20 01:54 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-10-20 01:54 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-10-20 01:54 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-10-20 01:54 739,840 --a------ C:\WINDOWS\system32\DivX.dll
2007-10-20 01:54 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-10-20 01:54 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-28 22:18 16,694 ----a-w C:\WINDOWS\system32\drivers\PalmUSBD.sys
2007-10-27 10:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-26 22:28 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-10-20 00:56 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-10-20 00:56 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-10-20 00:56 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-10-20 00:56 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-10-20 00:56 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-10-19 16:14 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-10-19 16:14 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-10-19 14:58 --------- d-----w C:\Program Files\Realtek
2007-10-19 14:57 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-10-19 14:56 --------- d-----w C:\Program Files\Intel
2007-10-19 14:46 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-19 14:45 --------- d-----w C:\Program Files\Services en ligne
2007-10-19 14:45 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
2007-11-17 13:43 36352 --a------ C:\WINDOWS\system32\urqqnlk.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 15:36]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 17:23]
"RemoteControl"="C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2007-02-12 18:16]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 17:43]
"nwiz"="nwiz.exe" [2007-06-28 17:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 17:43]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 15:49 C:\WINDOWS\RTHDCPL.exe]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2007-02-09 15:34]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50]
"Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe" [2003-10-07 08:48]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"5c42dfe9"="C:\WINDOWS\system32\jreltyll.dll" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-26 23:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-08-02 13:00]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44]
"Urcu"="C:\WINDOWS\CURITY~1\notepad.exe" []
"Uirocq"="C:\WINDOWS\system32\??curity\w?auclt.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\urqqnlk.dll [2007-11-17 13:43 36352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqnlk]
urqqnlk.dll 2007-11-17 13:43 36352 C:\WINDOWS\system32\urqqnlk.dll
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PLCMPR5.SYS
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PLCNDIS5.SYS
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-01 20:03:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 15:33:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-17 15:36:14 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-17 13:42
.
--- E O F ---
HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:37:48, on 17/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\urqqnlk.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [5c42dfe9] rundll32.exe "C:\WINDOWS\system32\jreltyll.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Urcu] "C:\WINDOWS\CURITY~1\notepad.exe" -vt yazb
O4 - HKCU\..\Run: [Uirocq] C:\WINDOWS\system32\??curity\w?auclt.exe
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: ASUS
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: urqqnlk - C:\WINDOWS\SYSTEM32\urqqnlk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 8284 bytes
I'm doing the SDFix step now.
Here is the SDFix report:
SDFix: Version 1.114
Run by Utilisateur on sam. 17/11/2007 at 15:47
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\mrofinu1188.exe.tmp - Deleted
C:\WINDOWS\mrofinu1000106.exe - Deleted
Folder C:\WINDOWS\Fonts\' - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 16:18:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sat 17 Nov 2007 6,473 ..SH. --- "C:\WINDOWS\system32\kjkkj.bak1"
Tue 30 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5c703fe0947475848e966b61999878d1\BIT7.tmp"
Fri 14 Nov 2003 683,288 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Attaches\ARTICLES ANALYSE CHAT.ZIP"
Fri 19 Dec 2003 1,204 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Attaches\décembre2003-Articles-tutoratversion2.zip"
Fri 19 Dec 2003 319,611 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Attaches\DéCEMBRE2003-ARTICLES-TUTORATVERSION21.ZIP"
Fri 19 Dec 2003 521,645 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Attaches\SDF.zip"
Mon 24 Nov 2003 19,968 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Attaches\~WRL0001.tmp"
Mon 17 Apr 2006 202,240 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Attaches\~WRL0741.tmp"
Wed 17 Dec 2003 86,528 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Attaches\~WRL1229.tmp"
Mon 24 Nov 2003 20,992 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Attaches\~WRL1370.tmp"
Wed 2 Jun 2004 23,552 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Attaches\~WRL2339.tmp"
Wed 2 Jun 2004 25,600 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Attaches\~WRL3743.tmp"
Thu 13 Jul 2006 53,760 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Dossier2006-2007\~WRL0031.tmp"
Fri 19 May 2006 35,328 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Dossier2006-2007\~WRL2731.tmp"
Tue 17 Jan 2006 25,088 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Rapport_Activite\~WRL0769.tmp"
Tue 17 Jan 2006 22,528 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Rapport_Activite\~WRL1625.tmp"
Tue 17 Jan 2006 97,280 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Rapport_Activite\~WRL2207.tmp"
Tue 17 Jan 2006 40,960 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Rapport_Activite\~WRL3321.tmp"
Tue 17 Jan 2006 101,376 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Rapport_Activite\~WRL3618.tmp"
Thu 25 Jan 2007 262,656 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Articles\eiah2007\~WRL4067.tmp"
Tue 27 Nov 2001 838,059 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Europe\Minerva\MinervaNov2001.zip"
Wed 25 Feb 2004 178,176 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Facultébis\Faculté\~WRL0048.tmp"
Wed 25 Feb 2004 64,512 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Facultébis\Faculté\~WRL0064.tmp"
Wed 25 Feb 2004 65,536 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Facultébis\Faculté\~WRL0119.tmp"
Wed 25 Feb 2004 67,584 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Facultébis\Faculté\~WRL0239.tmp"
Wed 25 Feb 2004 65,024 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Facultébis\Faculté\~WRL0268.tmp"
Wed 25 Feb 2004 63,488 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Facultébis\Faculté\~WRL0286.tmp"
Wed 25 Feb 2004 179,712 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Facultébis\Faculté\~WRL0447.tmp"
Wed 25 Feb 2004 180,224 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Facultébis\Faculté\~WRL0962.tmp"
Wed 25 Feb 2004 65,536 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Facultébis\Faculté\~WRL0997.tmp"
Wed 25 Feb 2004 63,488 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Facultébis\Faculté\~WRL1041.tmp"
Wed 25 Feb 2004 65,024 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Facultébis\Faculté\~WRL1647.tmp"
Wed 25 Feb 2004 64,000 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Facultébis\Faculté\~WRL1778.tmp"
Wed 25 Feb 2004 63,488 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Facultébis\Faculté\~WRL1944.tmp"
Wed 25 Feb 2004 64,512 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Facultébis\Faculté\~WRL2138.tmp"
Wed 25 Feb 2004 64,512 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Facultébis\Faculté\~WRL2249.tmp"
Wed 25 Feb 2004 68,096 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Facultébis\Faculté\~WRL2489.tmp"
Wed 25 Feb 2004 64,512 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Facultébis\Faculté\~WRL2673.tmp"
Wed 25 Feb 2004 67,584 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Facultébis\Faculté\~WRL2763.tmp"
Fri 28 May 2004 56,320 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Facultébis\Faculté\~WRL2884.tmp"
Wed 25 Feb 2004 65,536 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Facultébis\Faculté\~WRL3314.tmp"
Wed 25 Feb 2004 181,248 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Facultébis\Faculté\~WRL3850.tmp"
Wed 25 Feb 2004 63,488 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Facultébis\Faculté\~WRL3911.tmp"
Wed 25 Feb 2004 64,000 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Facultébis\Faculté\~WRL3961.tmp"
Wed 2 Jun 2004 55,808 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Facultébis\Faculté\~WRL4024.tmp"
Tue 11 Oct 2005 158,720 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Faculté\2005\~WRL3459.tmp"
Tue 25 Oct 2005 188,416 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Articles\article en cours\Algérie2005\~WRL0941.tmp"
Tue 25 Oct 2005 186,880 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Articles\article en cours\Algérie2005\~WRL1613.tmp"
Tue 25 Oct 2005 187,392 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Articles\article en cours\Algérie2005\~WRL1949.tmp"
Mon 24 Oct 2005 189,440 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Articles\article en cours\Algérie2005\~WRL1970.tmp"
Mon 24 Oct 2005 188,928 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Articles\article en cours\Algérie2005\~WRL2224.tmp"
Tue 25 Oct 2005 186,368 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Articles\article en cours\Algérie2005\~WRL2684.tmp"
Mon 24 Oct 2005 187,904 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Articles\article en cours\Algérie2005\~WRL3104.tmp"
Mon 24 Oct 2005 189,440 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Articles\article en cours\Algérie2005\~WRL3765.tmp"
Thu 25 Jan 2007 262,656 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Articles\article en cours\Eiah2007\~WRL4067.tmp"
Thu 16 Oct 2003 310,784 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Articles\article en cours\Pierre\~WRL2024.tmp"
Wed 3 Dec 2003 374,272 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Articles\article en cours\Pierre\~WRL2202.tmp"
Mon 9 Dec 2002 312,832 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Articles\article en cours\Pierre\~WRL4089.tmp"
Sun 28 Oct 2007 48,640 ...H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Cours\Projet3bac\2007-2008\~WRL0049.tmp"
Sun 28 Oct 2007 48,640 ...H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Cours\Projet3bac\2007-2008\~WRL1178.tmp"
Sun 28 Oct 2007 49,152 ...H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Cours\Projet3bac\2007-2008\~WRL1214.tmp"
Sun 28 Oct 2007 53,248 ...H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Cours\Projet3bac\2007-2008\~WRL1338.tmp"
Sun 28 Oct 2007 49,664 ...H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Cours\Projet3bac\2007-2008\~WRL2340.tmp"
Sun 28 Oct 2007 47,616 ...H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Cours\Projet3bac\2007-2008\~WRL2403.tmp"
Sun 28 Oct 2007 53,248 ...H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Cours\Projet3bac\2007-2008\~WRL2799.tmp"
Sun 28 Oct 2007 50,176 ...H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Cours\Projet3bac\2007-2008\~WRL3038.tmp"
Sun 21 May 2006 167,936 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Cours\Utlisation d'internet en Education\Learn-Nett2005-2006\~WRL4063.tmp"
Sun 27 Mar 2005 136,704 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Europe\Comenius\Done\~WRL0284.tmp"
Sun 27 Mar 2005 134,144 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Europe\Comenius\Done\~WRL3864.tmp"
Wed 27 Nov 2002 272,461 A..H. --- "C:\Documents and Settings\Utilisateur\Mes documents\Bruno\Europe\Minerva\Minerva2002\Done\BDL-Done.zip"
Finished!
I'm taking care of Purity now.
And the last (?) HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:12, on 17/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [5c42dfe9] rundll32.exe "C:\WINDOWS\system32\jreltyll.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: ASUS
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 7544 bytes
Does that look OK?
If so..
I'm ready for the antivirus
Thanks again
Bruno
Not the last one yet, but good progress has been made
Uninstall McAfee if it is listed in Add/Remove Programs.
Copy the text in the box below:
File::
C:\WINDOWS\system32\kjkkj.bak1
C:\WINDOWS\system32\urqqnlk.dll
C:\WINDOWS\system32\jreltyll.dll
Folder::
C:\WINDOWS\CURITY~1
C:\Program Files\Network Associates
C:\Program Files\Fichiers communs\Network Associates\
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 15:36]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 17:23]
"RemoteControl"="C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2007-02-12 18:16]
"5c42dfe9"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Urcu"=-
"Uirocq"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqnlk]
Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file as CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will restart ComboFix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
If there is no reboot, post the reports anyway.
+++++++++
Run HijackThis again, choose "Do a system scan only", and check these lines if they are still present:
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [5c42dfe9] rundll32.exe "C:\WINDOWS\system32\jreltyll.dll",b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
Then Fix Checked!
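An added example (not part of the thread, and not HijackThis or ComboFix code): a triage of the O4 Run lines from the log above that singles out the rundll32 entry listed for fixing, then checks that the CFScript removes both its DLL and its Run value, since removing only one leaves a dangling autostart or an orphaned file. The two heuristics and the CFScript parsing are assumptions based only on the layout seen in this thread.

```python
import re

# Lines copied from the HijackThis log and the CFScript posted in this thread.
HIJACKTHIS_LINES = r'''
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [5c42dfe9] rundll32.exe "C:\WINDOWS\system32\jreltyll.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''.strip().splitlines()

CFSCRIPT = r'''
File::
C:\WINDOWS\system32\kjkkj.bak1
C:\WINDOWS\system32\urqqnlk.dll
C:\WINDOWS\system32\jreltyll.dll
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"5c42dfe9"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Urcu"=-
"Uirocq"=-
'''

O4_RUN = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.I)
HIVES = {'HKLM': 'HKEY_LOCAL_MACHINE', 'HKCU': 'HKEY_CURRENT_USER'}
RUN_KEY = r'\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'


def triage_run_entries(lines):
    """Return Run entries that load a DLL through rundll32 and look machine-generated.

    Heuristics (assumptions for illustration): an 8-hex-digit value name,
    or a single-character export name. rundll32 alone is not enough: the
    NVIDIA entries in the same log use it legitimately.
    """
    flagged = []
    for line in lines:
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        r = RUNDLL.match(m['cmd'])
        if not r:
            continue
        reasons = []
        if re.fullmatch(r'[0-9a-f]{8}', m['name'], re.I):
            reasons.append('value name is 8 hex digits')
        if len(r['export']) == 1:
            reasons.append('single-character export')
        if reasons:
            flagged.append({'hive': m[1], 'name': m['name'],
                            'dll': r['dll'], 'reasons': reasons})
    return flagged


def parse_cfscript(text):
    """Split a CFScript into File::/Folder:: paths and Registry:: value deletions."""
    section, key = None, None
    out = {'File': [], 'Folder': [], 'RegDelete': []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith('::'):
            section, key = line[:-2], None
        elif section in ('File', 'Folder'):
            out[section].append(line)
        elif section == 'Registry':
            if line.startswith('['):
                key = line.strip('[]')
            else:
                m = re.match(r'^"(?P<value>[^"]+)"=-$', line)  # "name"=- deletes a value
                if m and key:
                    out['RegDelete'].append((key, m['value']))
    return out


def coverage(flagged, script):
    """For each flagged entry, report whether the script removes the file and the Run value."""
    files = {p.lower() for p in script['File']}
    values = {(k.lower(), v.lower()) for k, v in script['RegDelete']}
    report = {}
    for e in flagged:
        key = (HIVES[e['hive']] + RUN_KEY).lower()
        report[e['name']] = {
            'file_removed': e['dll'].lower() in files,
            'value_removed': (key, e['name'].lower()) in values,
        }
    return report


if __name__ == '__main__':
    hits = triage_run_entries(HIJACKTHIS_LINES)
    for hit in hits:
        print(hit['name'], hit['dll'], hit['reasons'])
    print(coverage(hits, parse_cfscript(CFSCRIPT)))
```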
ComboFix report
ComboFix 07-11-08.1 - Utilisateur 2007-11-17 17:31:01.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1383 [GMT 1:00]
Running from: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Utilisateur\Bureau\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\jreltyll.dll
C:\WINDOWS\system32\kjkkj.bak1
C:\WINDOWS\system32\urqqnlk.dll
.
Incapable d'obtenir les privilèges Système
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
C:\Program Files\Fichiers communs\Network Associates\
C:\Program Files\Fichiers communs\Network Associates\\Engine\avparam.dll
C:\Program Files\Fichiers communs\Network Associates\\Engine\clean.dat
C:\Program Files\Fichiers communs\Network Associates\\Engine\license.dat
C:\Program Files\Fichiers communs\Network Associates\\Engine\mcscan32.dll
C:\Program Files\Fichiers communs\Network Associates\\Engine\messages.dat
C:\Program Files\Fichiers communs\Network Associates\\Engine\names.dat
C:\Program Files\Fichiers communs\Network Associates\\Engine\scan.dat
C:\Program Files\Fichiers communs\Network Associates\\Engine\scan.exe
C:\Program Files\Fichiers communs\Network Associates\\Engine\signlic.txt
C:\Program Files\Fichiers communs\Network Associates\\TalkBack\Data\TalkBack.ini
C:\Program Files\Fichiers communs\Network Associates\\TalkBack\dbghelp.dll
C:\Program Files\Fichiers communs\Network Associates\\TalkBack\tbmon.exe
C:\Program Files\Fichiers communs\Network Associates\\TalkBack\tbmon.loc
C:\Program Files\Network Associates\Common Framework\040C\AgentRes.dll
C:\Program Files\Network Associates\Common Framework\040C\CmaUIRes.dll
C:\Program Files\Network Associates\Common Framework\040C\ScrptRes.dll
C:\Program Files\Network Associates\Common Framework\040C\UpdRes.dll
C:\Program Files\Network Associates\Common Framework\Agent.dll
C:\Program Files\Network Associates\Common Framework\AgentPlugin.dll
C:\Program Files\Network Associates\Common Framework\applib.dll
C:\Program Files\Network Associates\Common Framework\Cleanup.exe
C:\Program Files\Network Associates\Common Framework\ClientUI.dll
C:\Program Files\Network Associates\Common Framework\cmalib.dll
C:\Program Files\Network Associates\Common Framework\CmdAgent.exe
C:\Program Files\Network Associates\Common Framework\ComponentSubSystem.dll
C:\Program Files\Network Associates\Common Framework\ComponentUserInterface.dll
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\Common Framework\FrmInst.exe
C:\Program Files\Network Associates\Common Framework\FrmPlugin.dll
C:\Program Files\Network Associates\Common Framework\GenEvtInf.dll
C:\Program Files\Network Associates\Common Framework\InternetManager.dll
C:\Program Files\Network Associates\Common Framework\ListenServer.dll
C:\Program Files\Network Associates\Common Framework\Logging.dll
C:\Program Files\Network Associates\Common Framework\Management.dll
C:\Program Files\Network Associates\Common Framework\McScript.exe
C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe
C:\Program Files\Network Associates\Common Framework\mcurial.dll
C:\Program Files\Network Associates\Common Framework\naCmnLib.dll
C:\Program Files\Network Associates\Common Framework\nagshr32.dll
C:\Program Files\Network Associates\Common Framework\naicrt32.dll
C:\Program Files\Network Associates\Common Framework\nailog.dll
C:\Program Files\Network Associates\Common Framework\naInet.dll
C:\Program Files\Network Associates\Common Framework\naitcpp.dll
C:\Program Files\Network Associates\Common Framework\naPolicyManager.dll
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Network Associates\Common Framework\naSPIPE.dll
C:\Program Files\Network Associates\Common Framework\naXML.dll
C:\Program Files\Network Associates\Common Framework\nmcomn32.dll
C:\Program Files\Network Associates\Common Framework\patchw32.dll
C:\Program Files\Network Associates\Common Framework\PcrPlug.dll
C:\Program Files\Network Associates\Common Framework\PoEvtInf.dll
C:\Program Files\Network Associates\Common Framework\PSAPI.dll
C:\Program Files\Network Associates\Common Framework\Scheduler.dll
C:\Program Files\Network Associates\Common Framework\ScriptSubSys.dll
C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll
C:\Program Files\Network Associates\Common Framework\TCHelper.dll
C:\Program Files\Network Associates\Common Framework\TCSubSys.dll
C:\Program Files\Network Associates\Common Framework\unicows.dll
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\Common Framework\UpdateSubSys.dll
C:\Program Files\Network Associates\Common Framework\UpdPlug.dll
C:\Program Files\Network Associates\Common Framework\UserSpace.dll
C:\Program Files\Network Associates\Common Framework\XMLWrap.dll
C:\Program Files\Network Associates\VirusScan\adslokuu.dll
C:\Program Files\Network Associates\VirusScan\avf.exe
C:\Program Files\Network Associates\VirusScan\bbcpl.dll
C:\Program Files\Network Associates\VirusScan\bho.dll
C:\Program Files\Network Associates\VirusScan\bo.rul
C:\Program Files\Network Associates\VirusScan\coptcpl.dll
C:\Program Files\Network Associates\VirusScan\csscan.exe
C:\Program Files\Network Associates\VirusScan\dssdata.h
C:\Program Files\Network Associates\VirusScan\dssdata.ini
C:\Program Files\Network Associates\VirusScan\emcfgcpl.dll
C:\Program Files\Network Associates\VirusScan\entsrv.dll
C:\Program Files\Network Associates\VirusScan\entvutil.exe
C:\Program Files\Network Associates\VirusScan\ftcfg.dll
C:\Program Files\Network Associates\VirusScan\ftl.dll
C:\Program Files\Network Associates\VirusScan\graphics.dll
C:\Program Files\Network Associates\VirusScan\license.bin
C:\Program Files\Network Associates\VirusScan\logparser.exe
C:\Program Files\Network Associates\VirusScan\mcavdetect.dll
C:\Program Files\Network Associates\VirusScan\mcavscv.dll
C:\Program Files\Network Associates\VirusScan\mcconsol.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\mcupdate.exe
C:\Program Files\Network Associates\VirusScan\mcvssnmp.dll
C:\Program Files\Network Associates\VirusScan\mertool.url
C:\Program Files\Network Associates\VirusScan\MID\vsecfg.cab
C:\Program Files\Network Associates\VirusScan\midutil.dll
C:\Program Files\Network Associates\VirusScan\mvstdi5x.sys
C:\Program Files\Network Associates\VirusScan\mytilus.dll
C:\Program Files\Network Associates\VirusScan\naeventu.dll
C:\Program Files\Network Associates\VirusScan\naiann.dll
C:\Program Files\Network Associates\VirusScan\naiavf5x.inf
C:\Program Files\Network Associates\VirusScan\naiavf5x.sys
C:\Program Files\Network Associates\VirusScan\naiavfin.exe
C:\Program Files\Network Associates\VirusScan\naicondl.dll
C:\Program Files\Network Associates\VirusScan\naiconsl.dll
C:\Program Files\Network Associates\VirusScan\naievent.dll
C:\Program Files\Network Associates\VirusScan\nailite.dll
C:\Program Files\Network Associates\VirusScan\naiwmain.dll
C:\Program Files\Network Associates\VirusScan\nvpcpl.dll
C:\Program Files\Network Associates\VirusScan\oascpl.dll
C:\Program Files\Network Associates\VirusScan\packing.lst
C:\Program Files\Network Associates\VirusScan\pireg.exe
C:\Program Files\Network Associates\VirusScan\PreVSE800MAS\csscan.exe
C:\Program Files\Network Associates\VirusScan\PreVSE800MAS\mytilus.dll
C:\Program Files\Network Associates\VirusScan\PreVSE800MAS\naiann.dll
C:\Program Files\Network Associates\VirusScan\PreVSE800MAS\shutil.dll
C:\Program Files\Network Associates\VirusScan\PreVSE800MAS\strings.bin
C:\Program Files\Network Associates\VirusScan\PreVSE800MAS\vsodscpl.dll
C:\Program Files\Network Associates\VirusScan\PreVSE800MAS\vsplugin.dll
C:\Program Files\Network Associates\VirusScan\readme.txt
C:\Program Files\Network Associates\VirusScan\RepairCache\vse800.msi
C:\Program Files\Network Associates\VirusScan\Res0C\alertres.dll
C:\Program Files\Network Associates\VirusScan\Res0C\mcshield.dll
C:\Program Files\Network Associates\VirusScan\Res0C\mcupdate.dll
C:\Program Files\Network Associates\VirusScan\Res0C\naevtres.dll
C:\Program Files\Network Associates\VirusScan\Res0C\product.dll
C:\Program Files\Network Associates\VirusScan\Res0C\semalres.dll
C:\Program Files\Network Associates\VirusScan\Res0C\shcfg32.dll
C:\Program Files\Network Associates\VirusScan\Res0C\shextres.dll
C:\Program Files\Network Associates\VirusScan\Res0C\shstat.dll
C:\Program Files\Network Associates\VirusScan\Res0C\shutilrc.dll
C:\Program Files\Network Associates\VirusScan\Res0C\strings.bin
C:\Program Files\Network Associates\VirusScan\Res0C\vse.chm
C:\Program Files\Network Associates\VirusScan\Res0C\vstskmgr.dll
C:\Program Files\Network Associates\VirusScan\scan32.exe
C:\Program Files\Network Associates\VirusScan\scanemal.dll
C:\Program Files\Network Associates\VirusScan\scncfg32.exe
C:\Program Files\Network Associates\VirusScan\scriptproxy.dll
C:\Program Files\Network Associates\VirusScan\shcfg32.exe
C:\Program Files\Network Associates\VirusScan\shext.dll
C:\Program Files\Network Associates\VirusScan\shstat.exe
C:\Program Files\Network Associates\VirusScan\shutil.dll
C:\Program Files\Network Associates\VirusScan\sitelist.xml
C:\Program Files\Network Associates\VirusScan\vscan.bof
C:\Program Files\Network Associates\VirusScan\vsidsvr.dll
C:\Program Files\Network Associates\VirusScan\vsodscpl.dll
C:\Program Files\Network Associates\VirusScan\vsplugin.dll
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Network Associates\VirusScan\vsupdate.dll
C:\Program Files\Network Associates\VirusScan\vsupdcpl.dll
C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\system32\kjkkj.bak1
C:\WINDOWS\system32\kjkkj.ini
C:\WINDOWS\system32\urqqnlk.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-17 to 2007-11-17 ))))))))))))))))))))))))))))))))))))
.
2007-11-17 15:46 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-17 13:34 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-17 11:41 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Grisoft
2007-11-17 11:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-17 11:41 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-17 11:40 <REP> d-------- C:\Program Files\CCleaner
2007-11-17 11:37 <REP> d-------- C:\Program Files\Trend Micro
2007-11-15 08:53 <REP> d-------- C:\Program Files\iPod
2007-11-05 00:55 <REP> d-------- C:\Program Files\RegCleaner
2007-11-03 23:00 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-03 22:56 <REP> d-------- C:\Temp
2007-11-03 22:56 32,768 --a------ C:\Documents and Settings\Utilisateur\pdf.exe
2007-11-03 22:55 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-03 13:09 <REP> d--h----- C:\WINDOWS\PIF
2007-11-03 13:01 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\DivX
2007-11-03 09:15 <REP> d-------- C:\Documents and Settings\Utilisateur\Shared
2007-11-03 09:15 <REP> d-------- C:\Documents and Settings\Utilisateur\Incomplete
2007-11-03 09:15 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\LimeWire
2007-11-03 09:02 <REP> d-------- C:\Program Files\LimeWire
2007-11-03 08:44 <REP> d-------- C:\Program Files\eMule
2007-11-02 19:02 <REP> d-------- C:\Program Files\DivX
2007-11-01 11:19 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\OpenOffice.org2
2007-11-01 09:52 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2007-10-30 18:57 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-30 18:53 <REP> d-------- C:\Program Files\MSXML 4.0
2007-10-30 13:04 20,640 --a------ C:\Documents and Settings\Utilisateur\Application Data\GDIPFONTCACHEV1.DAT
2007-10-30 00:06 <REP> d-------- C:\Program Files\Skype
2007-10-30 00:06 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-10-30 00:06 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Skype
2007-10-30 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-28 23:27 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Leadertech
2007-10-28 23:19 <REP> d-------- C:\Program Files\Fichiers communs\DataViz
2007-10-28 23:19 <REP> d-------- C:\Program Files\Documents To Go
2007-10-28 23:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DataViz
2007-10-28 23:18 <REP> d-------- C:\Program Files\Palm
2007-10-28 23:18 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\HotSync
2007-10-28 23:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HotSync
2007-10-28 23:18 53,248 --a------ C:\WINDOWS\PalmDevC.dll
2007-10-27 20:31 <REP> d-------- C:\Documents and Settings\Utilisateur\Contacts
2007-10-27 20:30 <REP> d-------- C:\Program Files\MSN Messenger
2007-10-27 19:54 <REP> d-------- C:\Program Files\CopyPod
2007-10-27 19:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CopyPod
2007-10-27 19:46 <REP> d-------- C:\Program Files\WindSolutions
2007-10-27 19:46 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\CopyTransControlCenter
2007-10-27 19:46 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\CopyTrans
2007-10-27 19:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CopyTransControlCenter
2007-10-27 12:18 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-10-27 12:18 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-10-27 12:18 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-10-27 12:18 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-10-27 11:28 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-10-27 11:27 <REP> d-------- C:\Program Files\Logitech
2007-10-27 10:22 <REP> d-------- C:\Program Files\PowerPacket
2007-10-27 09:11 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Thunderbird
2007-10-27 01:04 <REP> d-------- C:\quarantine
2007-10-27 00:52 <REP> d-------- C:\Program Files\SEC
2007-10-27 00:28 <REP> d-------- C:\Program Files\Soulseek
2007-10-27 00:26 <REP> d-------- C:\Program Files\Fichiers communs\Cisco Systems
2007-10-27 00:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
2007-10-27 00:26 108,256 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-10-27 00:26 58,048 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
2007-10-27 00:23 <REP> d-------- C:\WINDOWS\ShellNew
2007-10-27 00:21 <REP> d-------- C:\WINDOWS\Sun
2007-10-27 00:21 <REP> d-------- C:\Program Files\Java
2007-10-27 00:20 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-10-27 00:19 1,536 --a------ C:\WINDOWS\mozver.dat
2007-10-27 00:18 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Talkback
2007-10-27 00:18 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-26 23:41 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\CyberLink
2007-10-26 23:39 <REP> d-------- C:\Program Files\QuickTime
2007-10-26 23:39 <REP> d-------- C:\Program Files\iTunes
2007-10-26 23:39 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Apple Computer
2007-10-26 23:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-26 23:38 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-10-26 23:38 <REP> d-------- C:\Program Files\Apple Software Update
2007-10-26 23:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-10-26 23:38 30,336 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-10-26 23:34 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2007-10-26 23:24 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-10-26 23:24 <REP> d-------- C:\Program Files\Google
2007-10-26 23:21 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\AdobeUM
2007-10-23 11:18 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2007-10-23 11:18 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-10-23 11:17 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-10-23 11:17 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2007-10-20 09:01 <REP> d-------- C:\Program Files\Western Digital Technologies
2007-10-20 09:01 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-20 01:56 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 01:56 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-10-20 01:56 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-10-20 01:56 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-10-20 01:54 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-10-20 01:54 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-10-20 01:54 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-10-20 01:54 739,840 --a------ C:\WINDOWS\system32\DivX.dll
2007-10-20 01:54 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-10-20 01:54 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-10-19 16:35 <REP> d-------- C:\WINDOWS\system32\Lang
2007-10-19 16:35 <REP> d-------- C:\Program Files\ASUS
2007-10-19 16:02 <REP> d-------- C:\Program Files\MadOnion.com
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-28 22:18 16,694 ----a-w C:\WINDOWS\system32\drivers\PalmUSBD.sys
2007-10-27 10:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-26 22:28 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-10-20 00:56 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-10-20 00:56 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-10-20 00:56 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-10-20 00:56 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-10-20 00:56 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-10-19 16:14 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-10-19 16:14 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-10-19 14:58 --------- d-----w C:\Program Files\Realtek
2007-10-19 14:57 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-10-19 14:56 --------- d-----w C:\Program Files\Intel
2007-10-19 14:46 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-19 14:45 --------- d-----w C:\Program Files\Services en ligne
2007-10-19 14:45 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((( snapshot@2007-11-17_13.41.37.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-16 04:09:51 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-11-17 14:46:30 4,231,168 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2007-11-17 14:46:30 499,712 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-11-16 04:09:51 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-11-17 14:46:21 4,231,168 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2007-11-17 14:46:21 499,712 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 15:36]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 17:23]
"RemoteControl"="C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2007-02-12 18:16]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 17:43]
"nwiz"="nwiz.exe" [2007-06-28 17:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 17:43]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 15:49 C:\WINDOWS\RTHDCPL.exe]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2007-02-09 15:34]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" []
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" []
"Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe" []
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-26 23:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-08-02 13:00]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-01 20:03:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 17:41:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-17 17:42:19 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-17 15:36
C:\ComboFix3.txt ... 2007-11-17 13:42
.
--- E O F ---
HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48:43, on 17/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: ASUS
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: Network Associates McShield (McShield) - Unknown owner - C:\Program Files\Network Associates\VirusScan\mcshield.exe (file missing)
O23 - Service: Network Associates Task Manager (McTaskManager) - Unknown owner - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 6989 bytes
And here is the rest
Bruno
ComboFix 07-11-08.1 - Utilisateur 2007-11-17 17:31:01.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1383 [GMT 1:00]
Running from: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Utilisateur\Bureau\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\jreltyll.dll
C:\WINDOWS\system32\kjkkj.bak1
C:\WINDOWS\system32\urqqnlk.dll
.
Incapable d'obtenir les privilèges Système
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
C:\Program Files\Fichiers communs\Network Associates\
C:\Program Files\Fichiers communs\Network Associates\\Engine\avparam.dll
C:\Program Files\Fichiers communs\Network Associates\\Engine\clean.dat
C:\Program Files\Fichiers communs\Network Associates\\Engine\license.dat
C:\Program Files\Fichiers communs\Network Associates\\Engine\mcscan32.dll
C:\Program Files\Fichiers communs\Network Associates\\Engine\messages.dat
C:\Program Files\Fichiers communs\Network Associates\\Engine\names.dat
C:\Program Files\Fichiers communs\Network Associates\\Engine\scan.dat
C:\Program Files\Fichiers communs\Network Associates\\Engine\scan.exe
C:\Program Files\Fichiers communs\Network Associates\\Engine\signlic.txt
C:\Program Files\Fichiers communs\Network Associates\\TalkBack\Data\TalkBack.ini
C:\Program Files\Fichiers communs\Network Associates\\TalkBack\dbghelp.dll
C:\Program Files\Fichiers communs\Network Associates\\TalkBack\tbmon.exe
C:\Program Files\Fichiers communs\Network Associates\\TalkBack\tbmon.loc
C:\Program Files\Network Associates\Common Framework\040C\AgentRes.dll
C:\Program Files\Network Associates\Common Framework\040C\CmaUIRes.dll
C:\Program Files\Network Associates\Common Framework\040C\ScrptRes.dll
C:\Program Files\Network Associates\Common Framework\040C\UpdRes.dll
C:\Program Files\Network Associates\Common Framework\Agent.dll
C:\Program Files\Network Associates\Common Framework\AgentPlugin.dll
C:\Program Files\Network Associates\Common Framework\applib.dll
C:\Program Files\Network Associates\Common Framework\Cleanup.exe
C:\Program Files\Network Associates\Common Framework\ClientUI.dll
C:\Program Files\Network Associates\Common Framework\cmalib.dll
C:\Program Files\Network Associates\Common Framework\CmdAgent.exe
C:\Program Files\Network Associates\Common Framework\ComponentSubSystem.dll
C:\Program Files\Network Associates\Common Framework\ComponentUserInterface.dll
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\Common Framework\FrmInst.exe
C:\Program Files\Network Associates\Common Framework\FrmPlugin.dll
C:\Program Files\Network Associates\Common Framework\GenEvtInf.dll
C:\Program Files\Network Associates\Common Framework\InternetManager.dll
C:\Program Files\Network Associates\Common Framework\ListenServer.dll
C:\Program Files\Network Associates\Common Framework\Logging.dll
C:\Program Files\Network Associates\Common Framework\Management.dll
C:\Program Files\Network Associates\Common Framework\McScript.exe
C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe
C:\Program Files\Network Associates\Common Framework\mcurial.dll
C:\Program Files\Network Associates\Common Framework\naCmnLib.dll
C:\Program Files\Network Associates\Common Framework\nagshr32.dll
C:\Program Files\Network Associates\Common Framework\naicrt32.dll
C:\Program Files\Network Associates\Common Framework\nailog.dll
C:\Program Files\Network Associates\Common Framework\naInet.dll
C:\Program Files\Network Associates\Common Framework\naitcpp.dll
C:\Program Files\Network Associates\Common Framework\naPolicyManager.dll
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Network Associates\Common Framework\naSPIPE.dll
C:\Program Files\Network Associates\Common Framework\naXML.dll
C:\Program Files\Network Associates\Common Framework\nmcomn32.dll
C:\Program Files\Network Associates\Common Framework\patchw32.dll
C:\Program Files\Network Associates\Common Framework\PcrPlug.dll
C:\Program Files\Network Associates\Common Framework\PoEvtInf.dll
C:\Program Files\Network Associates\Common Framework\PSAPI.dll
C:\Program Files\Network Associates\Common Framework\Scheduler.dll
C:\Program Files\Network Associates\Common Framework\ScriptSubSys.dll
C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll
C:\Program Files\Network Associates\Common Framework\TCHelper.dll
C:\Program Files\Network Associates\Common Framework\TCSubSys.dll
C:\Program Files\Network Associates\Common Framework\unicows.dll
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\Common Framework\UpdateSubSys.dll
C:\Program Files\Network Associates\Common Framework\UpdPlug.dll
C:\Program Files\Network Associates\Common Framework\UserSpace.dll
C:\Program Files\Network Associates\Common Framework\XMLWrap.dll
C:\Program Files\Network Associates\VirusScan\adslokuu.dll
C:\Program Files\Network Associates\VirusScan\avf.exe
C:\Program Files\Network Associates\VirusScan\bbcpl.dll
C:\Program Files\Network Associates\VirusScan\bho.dll
C:\Program Files\Network Associates\VirusScan\bo.rul
C:\Program Files\Network Associates\VirusScan\coptcpl.dll
C:\Program Files\Network Associates\VirusScan\csscan.exe
C:\Program Files\Network Associates\VirusScan\dssdata.h
C:\Program Files\Network Associates\VirusScan\dssdata.ini
C:\Program Files\Network Associates\VirusScan\emcfgcpl.dll
C:\Program Files\Network Associates\VirusScan\entsrv.dll
C:\Program Files\Network Associates\VirusScan\entvutil.exe
C:\Program Files\Network Associates\VirusScan\ftcfg.dll
C:\Program Files\Network Associates\VirusScan\ftl.dll
C:\Program Files\Network Associates\VirusScan\graphics.dll
C:\Program Files\Network Associates\VirusScan\license.bin
C:\Program Files\Network Associates\VirusScan\logparser.exe
C:\Program Files\Network Associates\VirusScan\mcavdetect.dll
C:\Program Files\Network Associates\VirusScan\mcavscv.dll
C:\Program Files\Network Associates\VirusScan\mcconsol.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\mcupdate.exe
C:\Program Files\Network Associates\VirusScan\mcvssnmp.dll
C:\Program Files\Network Associates\VirusScan\mertool.url
C:\Program Files\Network Associates\VirusScan\MID\vsecfg.cab
C:\Program Files\Network Associates\VirusScan\midutil.dll
C:\Program Files\Network Associates\VirusScan\mvstdi5x.sys
C:\Program Files\Network Associates\VirusScan\mytilus.dll
C:\Program Files\Network Associates\VirusScan\naeventu.dll
C:\Program Files\Network Associates\VirusScan\naiann.dll
C:\Program Files\Network Associates\VirusScan\naiavf5x.inf
C:\Program Files\Network Associates\VirusScan\naiavf5x.sys
C:\Program Files\Network Associates\VirusScan\naiavfin.exe
C:\Program Files\Network Associates\VirusScan\naicondl.dll
C:\Program Files\Network Associates\VirusScan\naiconsl.dll
C:\Program Files\Network Associates\VirusScan\naievent.dll
C:\Program Files\Network Associates\VirusScan\nailite.dll
C:\Program Files\Network Associates\VirusScan\naiwmain.dll
C:\Program Files\Network Associates\VirusScan\nvpcpl.dll
C:\Program Files\Network Associates\VirusScan\oascpl.dll
C:\Program Files\Network Associates\VirusScan\packing.lst
C:\Program Files\Network Associates\VirusScan\pireg.exe
C:\Program Files\Network Associates\VirusScan\PreVSE800MAS\csscan.exe
C:\Program Files\Network Associates\VirusScan\PreVSE800MAS\mytilus.dll
C:\Program Files\Network Associates\VirusScan\PreVSE800MAS\naiann.dll
C:\Program Files\Network Associates\VirusScan\PreVSE800MAS\shutil.dll
C:\Program Files\Network Associates\VirusScan\PreVSE800MAS\strings.bin
C:\Program Files\Network Associates\VirusScan\PreVSE800MAS\vsodscpl.dll
C:\Program Files\Network Associates\VirusScan\PreVSE800MAS\vsplugin.dll
C:\Program Files\Network Associates\VirusScan\readme.txt
C:\Program Files\Network Associates\VirusScan\RepairCache\vse800.msi
C:\Program Files\Network Associates\VirusScan\Res0C\alertres.dll
C:\Program Files\Network Associates\VirusScan\Res0C\mcshield.dll
C:\Program Files\Network Associates\VirusScan\Res0C\mcupdate.dll
C:\Program Files\Network Associates\VirusScan\Res0C\naevtres.dll
C:\Program Files\Network Associates\VirusScan\Res0C\product.dll
C:\Program Files\Network Associates\VirusScan\Res0C\semalres.dll
C:\Program Files\Network Associates\VirusScan\Res0C\shcfg32.dll
C:\Program Files\Network Associates\VirusScan\Res0C\shextres.dll
C:\Program Files\Network Associates\VirusScan\Res0C\shstat.dll
C:\Program Files\Network Associates\VirusScan\Res0C\shutilrc.dll
C:\Program Files\Network Associates\VirusScan\Res0C\strings.bin
C:\Program Files\Network Associates\VirusScan\Res0C\vse.chm
C:\Program Files\Network Associates\VirusScan\Res0C\vstskmgr.dll
C:\Program Files\Network Associates\VirusScan\scan32.exe
C:\Program Files\Network Associates\VirusScan\scanemal.dll
C:\Program Files\Network Associates\VirusScan\scncfg32.exe
C:\Program Files\Network Associates\VirusScan\scriptproxy.dll
C:\Program Files\Network Associates\VirusScan\shcfg32.exe
C:\Program Files\Network Associates\VirusScan\shext.dll
C:\Program Files\Network Associates\VirusScan\shstat.exe
C:\Program Files\Network Associates\VirusScan\shutil.dll
C:\Program Files\Network Associates\VirusScan\sitelist.xml
C:\Program Files\Network Associates\VirusScan\vscan.bof
C:\Program Files\Network Associates\VirusScan\vsidsvr.dll
C:\Program Files\Network Associates\VirusScan\vsodscpl.dll
C:\Program Files\Network Associates\VirusScan\vsplugin.dll
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Network Associates\VirusScan\vsupdate.dll
C:\Program Files\Network Associates\VirusScan\vsupdcpl.dll
C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\system32\kjkkj.bak1
C:\WINDOWS\system32\kjkkj.ini
C:\WINDOWS\system32\urqqnlk.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-17 to 2007-11-17 ))))))))))))))))))))))))))))))))))))
.
2007-11-17 15:46 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-17 13:34 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-17 11:41 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Grisoft
2007-11-17 11:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-17 11:41 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-17 11:40 <REP> d-------- C:\Program Files\CCleaner
2007-11-17 11:37 <REP> d-------- C:\Program Files\Trend Micro
2007-11-15 08:53 <REP> d-------- C:\Program Files\iPod
2007-11-05 00:55 <REP> d-------- C:\Program Files\RegCleaner
2007-11-03 23:00 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-03 22:56 <REP> d-------- C:\Temp
2007-11-03 22:56 32,768 --a------ C:\Documents and Settings\Utilisateur\pdf.exe
2007-11-03 22:55 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-03 13:09 <REP> d--h----- C:\WINDOWS\PIF
2007-11-03 13:01 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\DivX
2007-11-03 09:15 <REP> d-------- C:\Documents and Settings\Utilisateur\Shared
2007-11-03 09:15 <REP> d-------- C:\Documents and Settings\Utilisateur\Incomplete
2007-11-03 09:15 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\LimeWire
2007-11-03 09:02 <REP> d-------- C:\Program Files\LimeWire
2007-11-03 08:44 <REP> d-------- C:\Program Files\eMule
2007-11-02 19:02 <REP> d-------- C:\Program Files\DivX
2007-11-01 11:19 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\OpenOffice.org2
2007-11-01 09:52 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2007-10-30 18:57 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-30 18:53 <REP> d-------- C:\Program Files\MSXML 4.0
2007-10-30 13:04 20,640 --a------ C:\Documents and Settings\Utilisateur\Application Data\GDIPFONTCACHEV1.DAT
2007-10-30 00:06 <REP> d-------- C:\Program Files\Skype
2007-10-30 00:06 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-10-30 00:06 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Skype
2007-10-30 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-28 23:27 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Leadertech
2007-10-28 23:19 <REP> d-------- C:\Program Files\Fichiers communs\DataViz
2007-10-28 23:19 <REP> d-------- C:\Program Files\Documents To Go
2007-10-28 23:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DataViz
2007-10-28 23:18 <REP> d-------- C:\Program Files\Palm
2007-10-28 23:18 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\HotSync
2007-10-28 23:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HotSync
2007-10-28 23:18 53,248 --a------ C:\WINDOWS\PalmDevC.dll
2007-10-27 20:31 <REP> d-------- C:\Documents and Settings\Utilisateur\Contacts
2007-10-27 20:30 <REP> d-------- C:\Program Files\MSN Messenger
2007-10-27 19:54 <REP> d-------- C:\Program Files\CopyPod
2007-10-27 19:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CopyPod
2007-10-27 19:46 <REP> d-------- C:\Program Files\WindSolutions
2007-10-27 19:46 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\CopyTransControlCenter
2007-10-27 19:46 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\CopyTrans
2007-10-27 19:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CopyTransControlCenter
2007-10-27 12:18 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-10-27 12:18 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-10-27 12:18 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-10-27 12:18 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-10-27 11:28 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-10-27 11:27 <REP> d-------- C:\Program Files\Logitech
2007-10-27 10:22 <REP> d-------- C:\Program Files\PowerPacket
2007-10-27 09:11 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Thunderbird
2007-10-27 01:04 <REP> d-------- C:\quarantine
2007-10-27 00:52 <REP> d-------- C:\Program Files\SEC
2007-10-27 00:28 <REP> d-------- C:\Program Files\Soulseek
2007-10-27 00:26 <REP> d-------- C:\Program Files\Fichiers communs\Cisco Systems
2007-10-27 00:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
2007-10-27 00:26 108,256 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-10-27 00:26 58,048 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
2007-10-27 00:23 <REP> d-------- C:\WINDOWS\ShellNew
2007-10-27 00:21 <REP> d-------- C:\WINDOWS\Sun
2007-10-27 00:21 <REP> d-------- C:\Program Files\Java
2007-10-27 00:20 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-10-27 00:19 1,536 --a------ C:\WINDOWS\mozver.dat
2007-10-27 00:18 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Talkback
2007-10-27 00:18 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-26 23:41 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\CyberLink
2007-10-26 23:39 <REP> d-------- C:\Program Files\QuickTime
2007-10-26 23:39 <REP> d-------- C:\Program Files\iTunes
2007-10-26 23:39 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Apple Computer
2007-10-26 23:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-26 23:38 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-10-26 23:38 <REP> d-------- C:\Program Files\Apple Software Update
2007-10-26 23:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-10-26 23:38 30,336 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-10-26 23:34 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2007-10-26 23:24 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-10-26 23:24 <REP> d-------- C:\Program Files\Google
2007-10-26 23:21 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\AdobeUM
2007-10-23 11:18 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2007-10-23 11:18 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-10-23 11:17 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-10-23 11:17 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2007-10-20 09:01 <REP> d-------- C:\Program Files\Western Digital Technologies
2007-10-20 09:01 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-20 01:56 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 01:56 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-10-20 01:56 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-10-20 01:56 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-10-20 01:54 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-10-20 01:54 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-10-20 01:54 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-10-20 01:54 739,840 --a------ C:\WINDOWS\system32\DivX.dll
2007-10-20 01:54 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-10-20 01:54 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-10-19 16:35 <REP> d-------- C:\WINDOWS\system32\Lang
2007-10-19 16:35 <REP> d-------- C:\Program Files\ASUS
2007-10-19 16:02 <REP> d-------- C:\Program Files\MadOnion.com
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-28 22:18 16,694 ----a-w C:\WINDOWS\system32\drivers\PalmUSBD.sys
2007-10-27 10:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-26 22:28 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-10-20 00:56 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-10-20 00:56 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-10-20 00:56 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-10-20 00:56 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-10-20 00:56 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-10-19 16:14 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-10-19 16:14 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-10-19 14:58 --------- d-----w C:\Program Files\Realtek
2007-10-19 14:57 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-10-19 14:56 --------- d-----w C:\Program Files\Intel
2007-10-19 14:46 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-19 14:45 --------- d-----w C:\Program Files\Services en ligne
2007-10-19 14:45 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((( snapshot@2007-11-17_13.41.37.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-16 04:09:51 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-11-17 14:46:30 4,231,168 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2007-11-17 14:46:30 499,712 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-11-16 04:09:51 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-11-17 14:46:21 4,231,168 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2007-11-17 14:46:21 499,712 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 15:36]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 17:23]
"RemoteControl"="C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2007-02-12 18:16]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 17:43]
"nwiz"="nwiz.exe" [2007-06-28 17:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 17:43]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 15:49 C:\WINDOWS\RTHDCPL.exe]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2007-02-09 15:34]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" []
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" []
"Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe" []
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-26 23:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-08-02 13:00]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-01 20:03:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 17:41:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-17 17:42:19 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-17 15:36
C:\ComboFix3.txt ... 2007-11-17 13:42
.
--- E O F ---
HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48:43, on 17/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: ASUS
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: Network Associates McShield (McShield) - Unknown owner - C:\Program Files\Network Associates\VirusScan\mcshield.exe (file missing)
O23 - Service: Network Associates Task Manager (McTaskManager) - Unknown owner - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 6989 bytes
And here is the rest
Bruno
That's better
Download to your desktop: Clean (by Malekal)
Unzip it on your desktop. Double-click the clean folder.
Double-click clean.cmd. This will open a black window.
A menu will appear; choose option 1, then press Enter. Then press a key when prompted and post the report here.
The report is located here: C:\rapport_clean.txt
Tutorial
Run HijackThis again, choose "Do a system scan only", and check these lines:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"
O23 - Service: Service Framework McAfee (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: Network Associates McShield (McShield) - Unknown owner - C:\Program Files\Network Associates\VirusScan\mcshield.exe (file missing)
O23 - Service: Network Associates Task Manager (McTaskManager) - Unknown owner - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe (file missing)
Then click Fix Checked!
+++++++++++++
Download CCleaner (>>tutorial, read it!<<): download "the latest version", then install it, unchecking "Add the CCleaner Yahoo! Toolbar".
Then run the cleanup, then have it search for errors, and make backups if you wish.
Download and install Antivir. (tutorial)
Make sure it is up to date! Run a full scan and post the report.
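Several of the lines selected above carry HijackThis's own "(no file)" or "(file missing)" marker. As an added example (not part of the thread, and not code from HijackThis), the sketch below parses a HijackThis log and lists the entries with that marker; the function names are hypothetical, the sample lines are copied from the log posted above, and it does not judge entries whose file still exists.

```python
import re
from collections import Counter

# Sample input: a few lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O23 - Service: Network Associates McShield (McShield) - Unknown owner - C:\Program Files\Network Associates\VirusScan\mcshield.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# An entry line starts with a section code (R0, O2, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Trailing marker HijackThis appends when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\s*\((no file|file missing)\)\s*$", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 registry autostart: "<key>: [value name] command line"
RUN_RE = re.compile(r"^(\S+): \[([^\]]+)\] (.+)$")


def parse_entries(text):
    """Return one dict per HijackThis entry; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        orphan = ORPHAN_RE.search(body)
        clsid = CLSID_RE.search(body)
        run = RUN_RE.match(body) if code == "O4" else None
        if run:
            name, target = run.group(2), run.group(3)
        elif " - " in body:
            fields = body.split(" - ")
            name, target = fields[0], fields[-1]
        elif " = " in body:
            name, target = body.split(" = ", 1)
        else:
            name, target = body, ""
        entries.append({
            "code": code,
            "name": name,
            # Path or command with the marker removed; empty for "(no file)".
            "target": ORPHAN_RE.sub("", target).strip(),
            "clsid": clsid.group(0) if clsid else None,
            "marker": orphan.group(1).lower() if orphan else None,
        })
    return entries


def find_orphans(entries):
    """Entries that HijackThis itself flagged as pointing to a missing file."""
    return [e for e in entries if e["marker"]]


def count_by_section(entries):
    """Number of entries per section code, for a quick overview of the log."""
    return Counter(e["code"] for e in entries)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print(dict(count_by_section(parsed)))
    for e in find_orphans(parsed):
        print(e["code"], e["marker"], e["clsid"] or e["target"], sep=" | ")
```
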
Here is the report
AntiVir PersonalEdition Classic
Report file date: dimanche 18 novembre 2007 08:54
Scanning for 932510 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Utilisateur
Computer name: USER
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.198 1206272 Bytes 11/11/2007 07:52:03
ANTIVIR3.VDF : 7.0.0.226 98304 Bytes 16/11/2007 07:52:03
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 18/11/2007 07:52:03
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 18 novembre 2007 08:54
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'NCProTray.exe' - '1' Module(s) have been scanned
Scan process 'Hotsync.exe' - '1' Module(s) have been scanned
Scan process 'DvzIncMsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'RemoteControlAppl.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
40 processes with 40 modules were scanned
Start scanning boot sectors:
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '44' files ).
Starting the file scan:
Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\upload_moi_USER.tar.gz
[0] Archive type: GZ
--> upload_moi.tar
[1] Archive type: TAR (tape archiver)
--> qoobox/Quarantine/C/e.exe.vir
[DETECTION] Is the Trojan horse TR/Spy.Agent.163840
--> qoobox/Quarantine/C/Program Files/Fichiers communs/Yazzle1560OinAdmin.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Purity.BV.7
--> qoobox/Quarantine/C/Program Files/Network Associates/Common Framework/InternetManager.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/Common Framework/ScriptSubSys.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/adslokuu.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/avf.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/bbcpl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/bho.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/coptcpl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/csscan.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/emcfgcpl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/ftcfg.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/ftl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/graphics.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/mcavdetect.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/mcavscv.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/mcconsol.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/mcshield.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/mcupdate.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/mcvssnmp.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/midutil.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/mytilus.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/naeventu.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/naiann.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/naiavfin.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/naicondl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/naiconsl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/naievent.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/nailite.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/naiwmain.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/nvpcpl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/oascpl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/Res0C/alertres.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/Res0C/mcshield.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/Res0C/mcupdate.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/Res0C/naevtres.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/Res0C/product.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/Res0C/semalres.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/Res0C/shcfg32.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/Res0C/shextres.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/Res0C/shstat.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/Res0C/shutilrc.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/Res0C/vstskmgr.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/scan32.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/scanemal.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/scncfg32.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/scriptproxy.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/shcfg32.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/shext.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/shstat.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/shutil.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/vsidsvr.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/vsodscpl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/vsplugin.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/vstskmgr.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/vsupdate.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Network Associates/VirusScan/vsupdcpl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/Program Files/Online Services/qugatam568.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.AB.6
--> qoobox/Quarantine/C/VundoFix Backups/ddabb.dll.bad.vir
[DETECTION] Is the Trojan horse TR/Vundo.DQC
--> qoobox/Quarantine/C/VundoFix Backups/wmplquxj.dll.bad.vir
[DETECTION] Is the Trojan horse TR/BHO.Agent.AW
--> qoobox/Quarantine/C/WINDOWS/b122.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.erf
--> qoobox/Quarantine/C/WINDOWS/b128.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc
--> qoobox/Quarantine/C/WINDOWS/CURITY~1/notepad.exe.vir
[DETECTION] Is the Trojan horse TR/Gendal.72704
--> qoobox/Quarantine/C/WINDOWS/Fonts/Crack.exe.vir
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
--> qoobox/Quarantine/C/WINDOWS/Fonts/svchost.exe.vir
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
--> qoobox/Quarantine/C/WINDOWS/system32/b3/rarndrll2.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.CWS.gen.2
--> qoobox/Quarantine/C/WINDOWS/system32/bychlrgf.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
--> qoobox/Quarantine/C/WINDOWS/system32/cbxvtsr.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.JC
--> qoobox/Quarantine/C/WINDOWS/system32/ddcdayy.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.JC
--> qoobox/Quarantine/C/WINDOWS/system32/ddcyawu.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.JC
--> qoobox/Quarantine/C/WINDOWS/system32/fploksek.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.RG
--> qoobox/Quarantine/C/WINDOWS/system32/fxqpdxvj.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
--> qoobox/Quarantine/C/WINDOWS/system32/icryfmce.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
--> qoobox/Quarantine/C/WINDOWS/system32/jkkjk.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/jreltyll.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.AU
--> qoobox/Quarantine/C/WINDOWS/system32/mljghed.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.JC
--> qoobox/Quarantine/C/WINDOWS/system32/Mz18r/Mz18r2328.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.VB.bqc.2
--> qoobox/Quarantine/C/WINDOWS/system32/orbvnkhg.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.Agent.AW
--> qoobox/Quarantine/C/WINDOWS/system32/u4/wr31drs.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/urqqnlk.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/WINDOWS/tk58.exe.vir
[DETECTION] Is the Trojan horse TR/BHO.AB.4
--> qoobox/Quarantine/C/winlogon.exe.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.JC
--> qoobox/Quarantine/C/z.exe.vir
[DETECTION] Is the Trojan horse TR/PSW.Agent.133120
--> qoobox/Quarantine/catchme2007-11-17_174153.45.zip
[2] Archive type: ZIP
--> urqqnlk.dll
[DETECTION] Is the Trojan horse TR/Drop.Agent.JC
[INFO] The file was moved to '47abf044.qua'!
C:\Documents and Settings\Utilisateur\pdf.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.bru
[INFO] The file was moved to '47a5f0aa.qua'!
C:\qoobox\Quarantine\catchme2007-11-17_174153.45.zip
[0] Archive type: ZIP
--> urqqnlk.dll
[DETECTION] Is the Trojan horse TR/Drop.Agent.JC
[INFO] The file was moved to '47b40ec8.qua'!
C:\qoobox\Quarantine\C\e.exe.vir
[DETECTION] Is the Trojan horse TR/Spy.Agent.163840
[INFO] The file was moved to '47a50e9a.qua'!
C:\qoobox\Quarantine\C\winlogon.exe.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.JC
[INFO] The file was moved to '47ae0ed8.qua'!
C:\qoobox\Quarantine\C\z.exe.vir
[DETECTION] Is the Trojan horse TR/PSW.Agent.133120
[INFO] The file was moved to '47a50e9f.qua'!
C:\qoobox\Quarantine\C\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Purity.BV.7
[INFO] The file was moved to '47ba0ed6.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\Common Framework\InternetManager.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b40ee5.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\Common Framework\ScriptSubSys.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b20edd.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\adslokuu.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b30ee0.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\avf.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a60ef4.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\bbcpl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a30ee2.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\bho.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47af0eea.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\coptcpl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b00ef3.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\csscan.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b30ef8.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\emcfgcpl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a30ef4.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\ftcfg.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a30efd.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\ftl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47ac0eff.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\graphics.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a10eff.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\mcavdetect.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a10ef2.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\mcavscv.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a10ef4.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\mcconsol.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a30ef5.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\mcshield.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b30ef7.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\mcupdate.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b50ef9.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\mcvssnmp.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b60efb.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\midutil.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a40f03.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\mytilus.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b40f14.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\naeventu.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a50efe.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\naiann.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a90f00.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\naiavfin.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a90f01.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\naicondl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a90f03.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\naiconsl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a90f05.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\naievent.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a90f06.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\nailite.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a90f08.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\naiwmain.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a90f0a.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\nvpcpl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b00f21.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\oascpl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b30f0e.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\scan32.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a10f11.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\scanemal.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a10f13.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\scncfg32.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47ae0f17.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\scriptproxy.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b20f17.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\shcfg32.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a30f1c.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\shext.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a50f1c.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\shstat.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b30f1c.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\shutil.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b50f1d.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\vsidsvr.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a90f28.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\vsodscpl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47af0f28.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\vsplugin.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b00f28.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\vstskmgr.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b40f29.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\vsupdate.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b50f29.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\vsupdcpl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '4634c3b2.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\Res0C\alertres.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a50f23.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\Res0C\mcshield.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b30f1a.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\Res0C\mcupdate.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b50f1a.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\Res0C\naevtres.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a50f18.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\Res0C\product.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47af0f2a.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\Res0C\semalres.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47ad0f1d.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\Res0C\shcfg32.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a30f20.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\Res0C\shextres.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a50f20.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\Res0C\shstat.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b30f21.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\Res0C\shutilrc.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b50f21.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\Res0C\vstskmgr.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b40f2d.qua'!
C:\qoobox\Quarantine\C\Program Files\Online Services\qugatam568.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[INFO] The file was moved to '47a70f2f.qua'!
C:\qoobox\Quarantine\C\VundoFix Backups\ddabb.dll.bad.vir
[DETECTION] Is the Trojan horse TR/Vundo.DQC
[INFO] The file was moved to '47a10f1f.qua'!
C:\qoobox\Quarantine\C\VundoFix Backups\wmplquxj.dll.bad.vir
[DETECTION] Is the Trojan horse TR/BHO.Agent.AW
[INFO] The file was moved to '46cec949.qua'!
C:\qoobox\Quarantine\C\WINDOWS\b122.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.erf
[INFO] The file was moved to '47720eec.qua'!
C:\qoobox\Quarantine\C\WINDOWS\b128.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc
[INFO] The file was moved to '47720eed.qua'!
C:\qoobox\Quarantine\C\WINDOWS\tk58.exe.vir
[DETECTION] Is the Trojan horse TR/BHO.AB.4
[INFO] The file was moved to '47750f27.qua'!
C:\qoobox\Quarantine\C\WINDOWS\CURITY~1\notepad.exe.vir
[DETECTION] Is the Trojan horse TR/Gendal.72704
[INFO] The file was moved to '47b40f2b.qua'!
C:\qoobox\Quarantine\C\WINDOWS\Fonts\Crack.exe.vir
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a10f2e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\Fonts\svchost.exe.vir
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a30f33.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\bychlrgf.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47a30f36.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\cbxvtsr.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.JC
[INFO] The file was moved to '47b80f1f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ddcdayy.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.JC
[INFO] The file was moved to '47a30f22.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ddcyawu.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.JC
[INFO] The file was moved to '4623c833.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\fploksek.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.RG
[INFO] The file was moved to '47ac0f2e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\fxqpdxvj.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b10f37.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\icryfmce.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47b20f22.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jkkjk.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47ab0f2a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jreltyll.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.AU
[INFO] The file was moved to '47a50f31.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\mljghed.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.JC
[INFO] The file was moved to '47aa0f2c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\orbvnkhg.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.Agent.AW
[INFO] The file was moved to '47a20f32.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\urqqnlk.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b10f32.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\b3\rarndrll2.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.CWS.gen.2
[INFO] The file was moved to '4633c3bb.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\Mz18r\Mz18r2328.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.VB.bqc.2
[INFO] The file was moved to '47710f3b.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\u4\wr31drs.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47730f33.qua'!
C:\SDFix\backups\backups.zip
[0] Archive type: ZIP
--> backups/mrofinu1000106.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backups/mrofinu1188.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47a30f24.qua'!
Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'F:\'
F:\Bruno_BackUp_Home(27-10-2007)\Attaches\defang-164.bin
[0] Archive type: ZIP
--> picture6401.jpg .exe
[DETECTION] Is the Trojan horse TR/Dldr.Stration.Gen
[INFO] The file was moved to '47a6106e.qua'!
F:\Bruno_BackUp_Home(27-10-2007)\Attaches\defang-1641.bin
[0] Archive type: ZIP
--> picture6401.jpg .exe
[DETECTION] Is the Trojan horse TR/Dldr.Stration.Gen
[INFO] The file was moved to '47a6106f.qua'!
F:\Bruno_BackUp_Home(27-10-2007)\Privé\USBHD20.SYS
[WARNING] The file could not be opened!
End of the scan: dimanche 18 novembre 2007 11:22
Used time: 2:28:13 min
The scan has been done completely.
13377 Scanning directories
293948 Files were scanned
173 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
89 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
293775 Files not concerned
2103 Archives were scanned
2 Warnings
3 Notes
Many thanks again
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a10ef2.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\mcavscv.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a10ef4.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\mcconsol.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a30ef5.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\mcshield.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b30ef7.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\mcupdate.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b50ef9.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\mcvssnmp.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b60efb.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\midutil.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a40f03.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\mytilus.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b40f14.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\naeventu.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a50efe.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\naiann.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a90f00.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\naiavfin.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a90f01.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\naicondl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a90f03.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\naiconsl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a90f05.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\naievent.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a90f06.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\nailite.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a90f08.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\naiwmain.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a90f0a.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\nvpcpl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b00f21.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\oascpl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b30f0e.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\scan32.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a10f11.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\scanemal.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a10f13.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\scncfg32.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47ae0f17.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\scriptproxy.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b20f17.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\shcfg32.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a30f1c.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\shext.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a50f1c.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\shstat.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b30f1c.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\shutil.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b50f1d.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\vsidsvr.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a90f28.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\vsodscpl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47af0f28.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\vsplugin.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b00f28.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\vstskmgr.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b40f29.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\vsupdate.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b50f29.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\vsupdcpl.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '4634c3b2.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\Res0C\alertres.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a50f23.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\Res0C\mcshield.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b30f1a.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\Res0C\mcupdate.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b50f1a.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\Res0C\naevtres.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a50f18.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\Res0C\product.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47af0f2a.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\Res0C\semalres.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47ad0f1d.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\Res0C\shcfg32.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a30f20.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\Res0C\shextres.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47a50f20.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\Res0C\shstat.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b30f21.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\Res0C\shutilrc.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b50f21.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\Res0C\vstskmgr.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b40f2d.qua'!
C:\qoobox\Quarantine\C\Program Files\Online Services\qugatam568.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[INFO] The file was moved to '47a70f2f.qua'!
C:\qoobox\Quarantine\C\VundoFix Backups\ddabb.dll.bad.vir
[DETECTION] Is the Trojan horse TR/Vundo.DQC
[INFO] The file was moved to '47a10f1f.qua'!
C:\qoobox\Quarantine\C\VundoFix Backups\wmplquxj.dll.bad.vir
[DETECTION] Is the Trojan horse TR/BHO.Agent.AW
[INFO] The file was moved to '46cec949.qua'!
C:\qoobox\Quarantine\C\WINDOWS\b122.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.erf
[INFO] The file was moved to '47720eec.qua'!
C:\qoobox\Quarantine\C\WINDOWS\b128.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc
[INFO] The file was moved to '47720eed.qua'!
C:\qoobox\Quarantine\C\WINDOWS\tk58.exe.vir
[DETECTION] Is the Trojan horse TR/BHO.AB.4
[INFO] The file was moved to '47750f27.qua'!
C:\qoobox\Quarantine\C\WINDOWS\CURITY~1\notepad.exe.vir
[DETECTION] Is the Trojan horse TR/Gendal.72704
[INFO] The file was moved to '47b40f2b.qua'!
C:\qoobox\Quarantine\C\WINDOWS\Fonts\Crack.exe.vir
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a10f2e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\Fonts\svchost.exe.vir
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a30f33.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\bychlrgf.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47a30f36.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\cbxvtsr.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.JC
[INFO] The file was moved to '47b80f1f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ddcdayy.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.JC
[INFO] The file was moved to '47a30f22.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ddcyawu.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.JC
[INFO] The file was moved to '4623c833.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\fploksek.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.RG
[INFO] The file was moved to '47ac0f2e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\fxqpdxvj.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b10f37.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\icryfmce.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47b20f22.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jkkjk.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47ab0f2a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jreltyll.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.AU
[INFO] The file was moved to '47a50f31.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\mljghed.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.JC
[INFO] The file was moved to '47aa0f2c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\orbvnkhg.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.Agent.AW
[INFO] The file was moved to '47a20f32.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\urqqnlk.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b10f32.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\b3\rarndrll2.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.CWS.gen.2
[INFO] The file was moved to '4633c3bb.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\Mz18r\Mz18r2328.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.VB.bqc.2
[INFO] The file was moved to '47710f3b.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\u4\wr31drs.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47730f33.qua'!
C:\SDFix\backups\backups.zip
[0] Archive type: ZIP
--> backups/mrofinu1000106.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backups/mrofinu1188.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47a30f24.qua'!
Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'F:\'
F:\Bruno_BackUp_Home(27-10-2007)\Attaches\defang-164.bin
[0] Archive type: ZIP
--> picture6401.jpg .exe
[DETECTION] Is the Trojan horse TR/Dldr.Stration.Gen
[INFO] The file was moved to '47a6106e.qua'!
F:\Bruno_BackUp_Home(27-10-2007)\Attaches\defang-1641.bin
[0] Archive type: ZIP
--> picture6401.jpg .exe
[DETECTION] Is the Trojan horse TR/Dldr.Stration.Gen
[INFO] The file was moved to '47a6106f.qua'!
F:\Bruno_BackUp_Home(27-10-2007)\Privé\USBHD20.SYS
[WARNING] The file could not be opened!
End of the scan: dimanche 18 novembre 2007 11:22
Used time: 2:28:13 min
The scan has been done completely.
13377 Scanning directories
293948 Files were scanned
173 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
89 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
293775 Files not concerned
2103 Archives were scanned
2 Warnings
3 Notes
Many thanks again
Ok ;-)
Here is the log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:10:36, on 18/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: ASUS
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: Network Associates McShield (McShield) - Unknown owner - C:\Program Files\Network Associates\VirusScan\mcshield.exe (file missing)
O23 - Service: Network Associates Task Manager (McTaskManager) - Unknown owner - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 7290 bytes
Good, are there still any problems?
Run HijackThis again, choose "Do a system scan only", and check these lines:
O23 - Service: Service Framework McAfee (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: Network Associates McShield (McShield) - Unknown owner - C:\Program Files\Network Associates\VirusScan\mcshield.exe (file missing)
O23 - Service: Network Associates Task Manager (McTaskManager) - Unknown owner - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe (file missing)
Then click Fix Checked!
Uninstall and delete all the software used for the disinfection, along with the corresponding folders that were created. Keep CCleaner, AVG and AntiVir if we installed them.
Report your infection on Malware Complaints
Tutorial
Your infection: Vundo
Have a good evening!
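Added example, not part of the thread and not code from HijackThis or AntiVir: a short Python script that lists the O23 service entries marked "(file missing)" and checks whether each missing binary shows up in the qoobox quarantine paths of the scan report. The two excerpts are copied from the logs posted above; the mapping from a quarantine path back to the original path (drive letter as first folder, `.vir` suffix) is an assumption inferred from those paths.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Excerpts copied from the two logs posted in this thread (not the full logs).
HIJACKTHIS_EXCERPT = r"""
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: Network Associates McShield (McShield) - Unknown owner - C:\Program Files\Network Associates\VirusScan\mcshield.exe (file missing)
O23 - Service: Network Associates Task Manager (McTaskManager) - Unknown owner - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ANTIVIR_EXCERPT = r"""
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\mcshield.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b30ef7.qua'!
C:\qoobox\Quarantine\C\Program Files\Network Associates\VirusScan\vstskmgr.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b40f29.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\urqqnlk.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
"""

# "O23 - Service: <display name> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r"O23 - Service: (?P<service>.+) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?"
)
# Assumed layout: <drive>:\qoobox\Quarantine\<orig drive>\<orig path>.vir
QUARANTINE_RE = re.compile(
    r"[A-Za-z]:\\qoobox\\Quarantine\\(?P<drive>[A-Za-z])\\(?P<rest>.+)\.vir",
    re.IGNORECASE,
)
DETECTION_RE = re.compile(r"\[DETECTION\] Is the Trojan horse (?P<name>\S+)")
ANY_PATH_RE = re.compile(r"[A-Za-z]:\\.*")


class OrphanedService(NamedTuple):
    service: str
    path: str
    quarantined_as: Optional[str]  # detection name, None if not in the scan excerpt


def quarantined_originals(scan_log: str) -> Dict[str, str]:
    """Map original path (lower-cased) -> detection name for quarantined files."""
    found: Dict[str, str] = {}
    current: Optional[str] = None
    for raw in scan_log.splitlines():
        line = raw.strip()
        q = QUARANTINE_RE.fullmatch(line)
        if q:
            current = f"{q['drive']}:\\{q['rest']}".lower()
            found[current] = "unknown"
            continue
        if ANY_PATH_RE.fullmatch(line):
            current = None  # a non-quarantine file starts a new report entry
            continue
        d = DETECTION_RE.fullmatch(line)
        if d and current:
            found[current] = d["name"]
            current = None
    return found


def orphaned_services(hjt_log: str, scan_log: str) -> List[OrphanedService]:
    """Return O23 entries whose binary is missing, with the quarantine match if any."""
    quarantined = quarantined_originals(scan_log)
    result: List[OrphanedService] = []
    for raw in hjt_log.splitlines():
        m = O23_RE.fullmatch(raw.strip())
        if not m or not m["missing"]:
            continue
        result.append(
            OrphanedService(m["service"], m["path"], quarantined.get(m["path"].lower()))
        )
    return result


if __name__ == "__main__":
    for svc in orphaned_services(HIJACKTHIS_EXCERPT, ANTIVIR_EXCERPT):
        status = svc.quarantined_as or "not in scan excerpt"
        print(f"{svc.service}: {svc.path} -> {status}")
```

A `None` in the last field only means the binary is not in the excerpt given to the script, not that it was never quarantined.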