Virus Trojandownloader
Last reply: in Security
Good evening everyone,
After noticing that my PC was lagging badly, I ran a quick scan with Ad-Aware 2007 and found that I am infected with trojandownloader.
Could someone help me get rid of this virus?
Thanks all
Hello,
Download and install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2
Here is the report (thanks for helping me out).
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:38, on 29/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Logiciels\ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Logiciels\AVG Anti-Spyware 7.5\guard.exe
C:\Logiciels\antivirus\avp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\spoo1sv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Logiciels\antivirus\avp.exe
C:\Logiciels\Razer\razerhid.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Logiciels\Winamp\winampa.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Logiciels\antivirus\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Logiciels\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Logiciels\Razer\razertra.exe
C:\Logiciels\Razer\razerofa.exe
C:\Logiciels\WinBar\WinBar.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Logiciels\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mr_GT\Bureau\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kzdh.com/?g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Invoke Class - {5FB8C5D4-929F-4870-89E2-7E3EE26EE701} - C:\WINDOWS\system32\9061.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [razer] C:\Logiciels\Razer\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Logiciels\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AVP] "C:\Logiciels\antivirus\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Logiciels\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: WinBar.lnk = C:\Logiciels\WinBar\WinBar.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Logiciels\antivirus\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Logiciels\antivirus\SCIEPlgn.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Jeux\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O20 - AppInit_DLLs: C:\LOGICI~1\ANTIVI~1\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Logiciels\ad-Aware\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Logiciels\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Logiciels\antivirus\avp.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Windows Management PrintSystem (spoo1sv) - Unknown owner - C:\WINDOWS\SYSTEM32\spoo1sv.exe
--
End of file - 6718 bytes
File 9061.dll received on 2007.11.29 01:51:59 (CET)
Current status: loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 4/32 (12.5%)
--------------------------------------------------------------------------------------
Antivirus Version Last update Result
AhnLab-V3 - - -
AntiVir - - ADSPY/BaiduBar.DH
Authentium - - -
Avast - - Win32:Qhost-AYU
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - Virus.Win32.Qhost.AYU
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Ad-Spyware.BaiduBar.DH
That's it.
Fix the line in the box below with HijackThis: HELP WITH SCREENSHOTS
O2 - BHO: Invoke Class - {5FB8C5D4-929F-4870-89E2-7E3EE26EE701} - C:\WINDOWS\system32\9061.dll
Download OTMoveIt (by OldTimer). Save it to your Desktop.
Select the location in the box below:
C:\WINDOWS\system32\9061.dll
---> Right-click, then Copy (or Ctrl+C)
Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand box and choose Paste (or Ctrl+V).
Now click MoveIt!
If a file or folder cannot be deleted immediately, the program will ask you to reboot.
Accept by clicking YES.
Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_heure.log
->Information about the software<-
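The helper picked the 9061.dll BHO line out of the log by eye. The same triage can be done mechanically: the script below is an added example (not part of this thread, and not a HijackThis or Trend Micro tool) that parses HijackThis-style lines and flags three patterns visible in the logs posted here: an O2 BHO whose DLL name is digits only, an O4 entry launched from Policies\Explorer\Run, and a running process or O23 service whose binary name is a digit-for-letter look-alike of a well-known Windows binary (spoo1sv.exe against spoolsv.exe). The list of known binaries and the confusable mapping are assumptions chosen for the example; the sample log lines are constructed from entries in this thread.

```python
import re
from typing import List, Optional, Tuple

# Well-known Windows binaries the look-alike check compares against.
# Assumption for this example: a short list, not an exhaustive allow-list.
KNOWN_BINARIES = {
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "rundll32.exe",
}

# Digit-for-letter swaps commonly used to disguise a file name (assumed set).
CONFUSABLES = str.maketrans({"1": "l", "0": "o"})


def canonical(name: str) -> str:
    """Lower-case the name and undo the digit-for-letter swaps."""
    return name.lower().translate(CONFUSABLES)


KNOWN_CANONICAL = {canonical(n): n for n in KNOWN_BINARIES}


def basename(path: str) -> str:
    """Last component of a Windows path (os.path.basename would not split on '\\' on Linux)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip()


def lookalike_of(path: str) -> Optional[str]:
    """Return the legitimate binary a file name imitates, or None if it is exact or unrelated."""
    name = basename(path)
    if name.lower() in KNOWN_BINARIES:
        return None
    return KNOWN_CANONICAL.get(canonical(name))


BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
POLICY_RUN_RE = re.compile(r"^O4 - HK(LM|CU)\\\.\.\\Policies\\Explorer\\Run: \[(?P<key>.+?)\] (?P<cmd>.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)( \(file missing\))?$")


def triage(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Scan HijackThis-style lines and return (section, reason, path_or_command) findings."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = BHO_RE.match(line)
        if m:
            if re.fullmatch(r"\d+\.dll", basename(m.group("path")), re.IGNORECASE):
                findings.append(("O2", "BHO DLL with a numeric-only name", m.group("path")))
            continue
        m = POLICY_RUN_RE.match(line)
        if m:
            findings.append(("O4", "autorun via Policies\\Explorer\\Run", m.group("cmd")))
            continue
        m = SERVICE_RE.match(line)
        if m:
            legit = lookalike_of(m.group("path"))
            if legit:
                findings.append(("O23", f"service binary looks like {legit}", m.group("path")))
            continue
        # "Running processes:" section lists one absolute path per line.
        if re.match(r"^[A-Za-z]:\\", line):
            legit = lookalike_of(line)
            if legit:
                findings.append(("process", f"running process looks like {legit}", line))
    return findings


# Constructed sample: a handful of lines taken from the logs in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spoo1sv.exe
C:\WINDOWS\system32\svchost.exe
O2 - BHO: Invoke Class - {5FB8C5D4-929F-4870-89E2-7E3EE26EE701} - C:\WINDOWS\system32\9061.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AVP] "C:\Logiciels\antivirus\avp.exe"
O4 - HKLM\..\Policies\Explorer\Run: [cscqz] rundll32 "C:\WINDOWS\Downlo~1\cscqz.dll",start
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Windows Management PrintSystem (spoo1sv) - Unknown owner - C:\WINDOWS\SYSTEM32\spoo1sv.exe
""".splitlines()

if __name__ == "__main__":
    for section, reason, target in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {target}")
```

On the sample above the script reports four findings: the spoo1sv.exe process, the 9061.dll BHO, the cscqz.dll Policies\Explorer\Run entry and the spoo1sv service, while the genuine spoolsv.exe, the Java ssv.dll BHO and the "file missing" SQL Server helper are left alone. A flag is a prompt to look closer (file hash, signer, creation date), not a verdict.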
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:38, on 30/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Logiciels\ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Logiciels\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\06e21.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Logiciels\Razer\razerhid.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\spoo1sv.exe
C:\Logiciels\Winamp\winampa.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Logiciels\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Logiciels\WinBar\WinBar.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Logiciels\Razer\razertra.exe
C:\Logiciels\Razer\razerofa.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Logiciels\eMule\emule.exe
C:\Documents and Settings\Mr_GT\Bureau\MouseMachine.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Logiciels\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mr_GT\Bureau\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kzdh.com/?g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Invoke Class - {5FB8C5D4-929F-4870-89E2-7E3EE26EE701} - C:\WINDOWS\system32\9061.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [razer] C:\Logiciels\Razer\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Logiciels\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AVP] "C:\Logiciels\antivirus\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Logiciels\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [cscqz] rundll32 "C:\WINDOWS\Downlo~1\cscqz.dll",start
O4 - HKLM\..\Policies\Explorer\Run: [ea3] rundll32 "C:\WINDOWS\Downlo~1\ea3.dll",Run
O4 - Startup: WinBar.lnk = C:\Logiciels\WinBar\WinBar.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Logiciels\antivirus\SCIEPlgn.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Jeux\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O20 - AppInit_DLLs: C:\LOGICI~1\ANTIVI~1\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Logiciels\ad-Aware\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Logiciels\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Logiciels\antivirus\avp.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Windows Management PrintSystem (spoo1sv) - Unknown owner - C:\WINDOWS\SYSTEM32\spoo1sv.exe
--
End of file - 6794 bytes
The file is back.
Download combofix.exe (by sUBs) to your Desktop.
Double-click combofix.exe.
Press the 1 (Yes) key to start the scan.
When the scan is complete, a report will appear. Copy/paste that report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
ComboFix 07-11-19.4C - Mr_GT 2007-12-01 0:53:15.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.939 [GMT 1:00]
Running from: C:\Documents and Settings\Mr_GT\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data.\microsoft\pctools
C:\Documents and Settings\All Users\Application Data.\microsoft\pctools\pctools.dll
C:\Documents and Settings\All Users\Application Data.\t
C:\Documents and Settings\All Users\Application Data.\t\a2001.dat
C:\Documents and Settings\All Users\Application Data.\t\b2001.dat
C:\Documents and Settings\All Users\Application Data.\t\k2001.dat
C:\Documents and Settings\All Users\Application Data.\t\p2001.dat
C:\Documents and Settings\All Users\Application Data.\t\r2001.dat
C:\Documents and Settings\All Users\Application Data\microsoft\pctools\pctools.dll
C:\Documents and Settings\All Users\Application Data\td
C:\Documents and Settings\All Users\Application Data\td\a1003.dat
C:\Documents and Settings\All Users\Application Data\td\b1003.dat
C:\Documents and Settings\All Users\Application Data\td\k1003.dat
C:\Documents and Settings\All Users\Application Data\td\p1003.dat
C:\Documents and Settings\All Users\Application Data\td\r1003.dat
C:\Documents and Settings\Mr_GT\Favoris\7BFA~1.URL
C:\Documents and Settings\Mr_GT\ravmonlog
C:\Program Files\Fichiers communs\cpush
C:\Program Files\Fichiers communs\cpush\Uninst.exe
C:\Program Files\Temporary
C:\WINDOWS\f21.bmp
C:\WINDOWS\ktd32.atm
C:\WINDOWS\system32\891.dll
C:\WINDOWS\system32\9061.dll
C:\WINDOWS\system32\9061.dlltmp
C:\WINDOWS\system32\d3d1caps.srg
C:\WINDOWS\system32\drivers\acpidisk.sys
C:\WINDOWS\system32\drivers\mxdispdr.sys
C:\WINDOWS\system32\mprmsgse.axz
C:\WINDOWS\system32\mscpx32r.det
C:\WINDOWS\system32\winsys.exe
C:\WINDOWS\TEMP.\~my1.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_MS_2FAX
-------\LEGACY_MXDISPDR
-------\ms_2fax
-------\mxdispdr
((((((((((((((((((((((((((((( Fichiers créés 2007-11-01 to 2007-12-01 ))))))))))))))))))))))))))))))))))))
.
2007-11-30 19:03 0 --a------ C:\WINDOWS\system32\b3cf471a
2007-11-24 22:13 <REP> d-------- C:\Documents and Settings\Mr_GT\Application Data\Grisoft
2007-11-24 22:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-24 22:12 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-24 15:24 <REP> d-------- C:\WINDOWS\NV43804780.TMP
2007-11-24 15:23 <REP> d-------- C:\NVIDIA
2007-11-24 01:49 1,978,400 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-24 01:49 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-11-24 01:49 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-11-24 01:49 30,632 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-24 01:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-11-24 01:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-24 01:48 20,768 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-24 01:48 5,060 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-23 19:24 6 --a------ C:\WINDOWS\system32\num.ini
2007-11-23 02:34 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-11-23 02:34 63,040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-11-23 02:34 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-20 23:05 105 --a------ C:\WINDOWS\system32\adurl.ini
2007-11-20 23:01 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-20 23:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-20 22:51 <REP> d-------- C:\Documents and Settings\Mr_GT\.housecall6.6
2007-11-20 22:51 194 --a------ C:\WINDOWS\system32\key.~tmp
2007-11-20 22:49 738 --a------ C:\WINDOWS\system32\ini.~tmp
2007-11-20 18:13 597 --a------ C:\WINDOWS\system32\setyahoo.ini
2007-11-16 18:19 195,096 --a------ C:\WINDOWS\system32\lvci1150.dll
2007-11-16 18:17 <REP> d-------- C:\Program Files\Logitech
2007-11-15 18:32 68 --a------ C:\WINDOWS\system32\285
2007-11-15 07:51 68 --a------ C:\WINDOWS\system32\e56
2007-11-15 07:21 68 --a------ C:\WINDOWS\system32\dcd
2007-11-15 06:50 68 --a------ C:\WINDOWS\system32\8542
2007-11-15 06:20 68 --a------ C:\WINDOWS\system32\660a
2007-11-15 05:50 68 --a------ C:\WINDOWS\system32\60a444
2007-11-15 05:20 68 --a------ C:\WINDOWS\system32\542dc
2007-11-15 04:50 68 --a------ C:\WINDOWS\system32\4ada
2007-11-15 04:20 68 --a------ C:\WINDOWS\system32\2dcd
2007-11-15 03:50 68 --a------ C:\WINDOWS\system32\28f
2007-11-15 03:09 14 --a------ C:\WINDOWS\system32\-35-497126
2007-11-15 03:08 <REP> d-------- C:\Program Files\Windows Live
2007-11-15 03:08 20,541 --a------ C:\WINDOWS\system32\detoured.dll
2007-11-15 03:07 79 --a------ C:\WINDOWS\system32\mstacim.sig
2007-11-14 03:07 <REP> d-------- C:\Program Files\winstat
2007-11-14 03:00 197 --a------ C:\WINDOWS\system32\MRT.INI
2007-11-13 06:29 <REP> d-------- C:\Program Files\MSReports
2007-11-13 06:28 212,291 --a------ C:\Documents and Settings\Mr_GT\sdd.exe
2007-11-12 01:30 88,556 --a------ C:\Documents and Settings\Mr_GT\Application Data\serial2.dat
2007-11-12 00:10 34 --a------ C:\WINDOWS\system32\-19-497126
2007-11-12 00:09 188,416 --a------ C:\WINDOWS\system32\spoo1sv.exe
2007-11-08 18:07 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-11-01 18:27 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-11-01 18:27 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-01 18:27 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 23:50 --------- d-----w C:\Documents and Settings\Mr_GT\Application Data\Azureus
2007-11-27 16:41 53,248 ----a-r C:\WINDOWS\2f31.exe
2007-11-21 08:36 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-11-21 08:36 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-11-16 17:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2007-11-16 17:19 --------- d-----w C:\Program Files\Fichiers communs\logishrd
2007-11-15 17:31 12,724 ----a-w C:\WINDOWS\system32\drivers\ws2helw.sys
2007-11-15 02:08 --------- d-----w C:\Program Files\MSN Messenger
2007-11-08 17:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-30 21:27 --------- d-----w C:\Documents and Settings\Mr_GT\Application Data\teamspeak2
2007-10-25 20:20 --------- d-----w C:\Program Files\DivX
2007-10-23 16:04 --------- d-----w C:\Program Files\RACE 07
2007-10-19 18:17 --------- d-----w C:\Documents and Settings\Mr_GT\Application Data\Command & Conquer 3 Les guerres du Tiberium
2007-10-19 12:16 2,109,976 ----a-w C:\WINDOWS\system32\drivers\Lvckap.sys
2007-10-16 01:01 --------- d-----w C:\Program Files\MSXML 4.0
2007-10-14 23:41 --------- d-----w C:\Documents and Settings\Mr_GT\Application Data\Media Player Classic
2007-10-14 19:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2007-10-14 14:33 --------- d-----w C:\Program Files\Java
2007-10-14 14:25 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-10-14 14:00 --------- d-----w C:\Documents and Settings\Mr_GT\Application Data\Publish Providers
2007-10-14 13:56 --------- d-----w C:\Documents and Settings\Mr_GT\Application Data\Sony
2007-10-14 13:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2007-10-14 13:55 --------- d-----w C:\Program Files\Vstplugins
2007-10-14 13:24 --------- d-----w C:\Documents and Settings\Mr_GT\Application Data\Sony Setup
2007-10-14 12:55 --------- d-----w C:\Program Files\NVIDIA Corporation
2007-10-14 12:54 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-10-14 11:39 --------- d--h--r C:\Documents and Settings\Mr_GT\Application Data\SecuROM
2007-10-14 11:29 --------- d-----w C:\Documents and Settings\Mr_GT\Application Data\InstallShield
2007-10-14 11:10 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-10-14 05:06 --------- d-----w C:\Program Files\Free.fr
2007-10-14 04:57 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-14 04:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-14 04:43 --------- d-----w C:\Documents and Settings\Mr_GT\Application Data\Talkback
2007-10-14 04:36 --------- d-----w C:\Program Files\DIFX
2007-10-14 03:39 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-10-14 03:39 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-10-14 01:45 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-14 01:44 --------- d-----w C:\Program Files\Services en ligne
2007-10-14 01:43 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-10-12 02:00 41,752 ----a-w C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-10-12 01:55 13,848 ----a-w C:\WINDOWS\system32\drivers\lv302af.sys
2007-10-12 01:55 1,279,000 ----a-w C:\WINDOWS\system32\drivers\LV302V32.SYS
2007-10-11 17:59 25,624 ----a-w C:\WINDOWS\system32\drivers\LVPr2Mon.sys
2007-10-11 17:59 2,142,488 ----a-w C:\WINDOWS\system32\drivers\LVMVdrv.sys
2007-10-04 16:14 6,854,464 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 04:49 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:55 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-09-07 11:13]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-09-07 11:14]
"razer"="C:\Logiciels\Razer\razerhid.exe" [2005-09-06 10:52]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33]
"WinampAgent"="C:\Logiciels\Winamp\winampa.exe" [2006-01-30 20:13]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37]
"AVP"="C:\Logiciels\antivirus\avp.exe" [2007-05-19 22:36]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:55 C:\WINDOWS\system32\rundll32.exe]
"!AVG Anti-Spyware"="C:\Logiciels\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
C:\WINDOWS\system32\klogon.dll 2007-05-19 22:37 206352 C:\WINDOWS\system32\klogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\LOGICI~1\ANTIVI~1\adialhk.dll
R0 3m1d1;3m1d;C:\WINDOWS\system32\DRIVERS\3m1d1.sys
R2 5u81s57yl;5u81s57yl;\??\C:\WINDOWS\system32\drivers\5u81s57yl.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys
S3 ws2helw;ws2helw;\??\C:\WINDOWS\system32\drivers\ws2helw.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-29 13:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\Documents
"2007-10-28 23:06:57 C:\WINDOWS\Tasks\At2.job"
"2007-11-29 07:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\Documents
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 01:00:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-01 1:03:14 - machine was rebooted
.
--- E O F ---
Here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42, on 01/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Logiciels\ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Logiciels\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Logiciels\Razer\razerhid.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Logiciels\Winamp\winampa.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Logiciels\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Logiciels\WinBar\WinBar.exe
C:\Logiciels\Razer\razertra.exe
C:\Logiciels\Razer\razerofa.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Logiciels\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mr_GT\Bureau\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kzdh.com/?g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [razer] C:\Logiciels\Razer\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Logiciels\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AVP] "C:\Logiciels\antivirus\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Logiciels\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [cscqz] rundll32 "C:\WINDOWS\Downlo~1\cscqz.dll",start
O4 - HKLM\..\Policies\Explorer\Run: [ea3] rundll32 "C:\WINDOWS\Downlo~1\ea3.dll",Run
O4 - Startup: WinBar.lnk = C:\Logiciels\WinBar\WinBar.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Logiciels\antivirus\SCIEPlgn.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Jeux\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O20 - AppInit_DLLs: C:\LOGICI~1\ANTIVI~1\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Logiciels\ad-Aware\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Logiciels\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Logiciels\antivirus\avp.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Windows Management PrintSystem (spoo1sv) - Unknown owner - spoo1sv.exe (file missing)
--
End of file - 6394 bytes
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Jeux\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O20 - AppInit_DLLs: C:\LOGICI~1\ANTIVI~1\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Logiciels\ad-Aware\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Logiciels\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Logiciels\antivirus\avp.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Windows Management PrintSystem (spoo1sv) - Unknown owner - spoo1sv.exe (file missing)
--
End of file - 6394 bytes
Re,
----------
-> Start
-> Run...
Type Services.msc then press OK
Double-click Windows Management PrintSystem
Startup type: "Disabled"
Click "Stop" at the bottom
Confirm the changes.
-----
Open Hijackthis then:
-> Open the Misc Tools Section
-> Delete an NT Service
Type spoo1sv then confirm.
----------
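The helper's reply above singles out the "Windows Management PrintSystem (spoo1sv)" service: its short name imitates the legitimate print spooler spoolsv.exe with the digit 1 in place of the letter l, it has no owner, and its binary is reported missing. The earlier O4 lines show the other tell-tale of this infection, rundll32 loading DLLs from Downlo~1 (Downloaded Program Files) through the Policies\Explorer\Run key. As an added example that is not part of the thread and not the helper's tool, the Python script below applies those three checks to HijackThis O4 and O23 lines. The list of system binary names and the severity labels are the example's own assumptions; the sample lines are copied from the log posted above.

```python
"""Triage HijackThis O4/O23 lines for the indicators discussed in this thread.
Added example; not part of HijackThis or of the forum post."""
import re

# Windows XP system binaries whose names malware imitates by changing one
# character (spoo1sv for spoolsv). Constructed reference list for the example.
KNOWN_SYSTEM_BINARIES = {
    "smss", "csrss", "winlogon", "services", "lsass", "svchost",
    "spoolsv", "explorer", "rundll32", "wuauclt",
}

# Internet Explorer's ActiveX download cache, long and 8.3 spellings.
DOWNLOAD_DIRS = ("downloaded program files", "downlo~1")

O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^)]+)\))? - (?P<owner>.+?) - (?P<path>.+)$")


def lookalike(name):
    """Return the known system binary that `name` differs from by exactly one
    character at the same position, or None. Exact matches are not flagged."""
    base = name.lower().replace("\\", "/").rsplit("/", 1)[-1]
    if base.endswith(".exe"):
        base = base[:-4]
    if base in KNOWN_SYSTEM_BINARIES:
        return None
    for known in KNOWN_SYSTEM_BINARIES:
        if len(known) == len(base) and sum(a != b for a, b in zip(base, known)) == 1:
            return known
    return None


def triage_line(line):
    """Return a list of (severity, reason) findings for one HijackThis line."""
    findings = []
    m = O23_RE.match(line)
    if m:
        path = m["path"]
        if path.endswith("(file missing)"):
            # A registered service with no binary: leftover or a removed dropper.
            findings.append(("info", f"service {m['short'] or m['display']!r}: binary missing"))
        for candidate in (m["short"], path.replace(" (file missing)", "")):
            hit = lookalike(candidate) if candidate else None
            if hit:
                findings.append(("high", f"service name {candidate!r} imitates system binary {hit!r}"))
                break
        return findings
    m = O4_RE.match(line)
    if m:
        key, cmd = m["key"], m["cmd"].lower()
        if "policies\\explorer\\run" in key.lower():
            # Policy Run key: honoured by Explorer but absent from msconfig's view.
            findings.append(("medium", f"autorun {m['name']!r} registered under {m['hive']}\\..\\{key}"))
        if "rundll32" in cmd and any(d in cmd for d in DOWNLOAD_DIRS):
            findings.append(("high", f"autorun {m['name']!r} loads a DLL from the IE download cache"))
    return findings


def triage_log(text):
    """Map every flagged line of a HijackThis log to its findings."""
    report = {}
    for line in text.splitlines():
        line = line.strip()
        findings = triage_line(line)
        if findings:
            report[line] = findings
    return report


# Sample input: lines copied from the HijackThis log posted in this thread,
# with two benign entries (AVP) kept for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Logiciels\antivirus\avp.exe"
O4 - HKLM\..\Policies\Explorer\Run: [cscqz] rundll32 "C:\WINDOWS\Downlo~1\cscqz.dll",start
O4 - HKLM\..\Policies\Explorer\Run: [ea3] rundll32 "C:\WINDOWS\Downlo~1\ea3.dll",Run
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Logiciels\antivirus\avp.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Windows Management PrintSystem (spoo1sv) - Unknown owner - spoo1sv.exe (file missing)
"""

if __name__ == "__main__":
    for line, findings in triage_log(SAMPLE_LOG).items():
        print(line)
        for severity, reason in findings:
            print(f"    [{severity}] {reason}")
```

The one-character comparison is deliberately strict (same length, one position): it catches digit-for-letter swaps like spoo1sv without flagging every short service name, and an exact match against the reference list is never reported. The MSSQLServerADHelper entry comes out as "info" only, which matches the helper's treatment of it in the thread: a missing binary on its own is a leftover to tidy, not an infection.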
OK, it's done.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50, on 01/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Logiciels\ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Logiciels\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Logiciels\Razer\razerhid.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Logiciels\Winamp\winampa.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Logiciels\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Logiciels\WinBar\WinBar.exe
C:\WINDOWS\system32\rundll32.exe
C:\Logiciels\Razer\razertra.exe
C:\Logiciels\Razer\razerofa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Logiciels\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mr_GT\Bureau\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kzdh.com/?g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [razer] C:\Logiciels\Razer\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Logiciels\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AVP] "C:\Logiciels\antivirus\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Logiciels\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [cscqz] rundll32 "C:\WINDOWS\Downlo~1\cscqz.dll",start
O4 - HKLM\..\Policies\Explorer\Run: [ea3] rundll32 "C:\WINDOWS\Downlo~1\ea3.dll",Run
O4 - Startup: WinBar.lnk = C:\Logiciels\WinBar\WinBar.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Logiciels\antivirus\SCIEPlgn.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Jeux\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O20 - AppInit_DLLs: C:\LOGICI~1\ANTIVI~1\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Logiciels\ad-Aware\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Logiciels\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Logiciels\antivirus\avp.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 6325 bytes
I ran another scan with Kaspersky, here's the result -_-'
découvert : logiciel publicitaire not-a-virus:AdWare.Win32.BHO.mz Le fichier: C:\Documents and Settings\Mr_GT\Bureau\HiJackThis\backups\backup-20071130-181941-624.dll
découvert : logiciel publicitaire not-a-virus:AdWare.Win32.BHO.mz Le fichier: C:\Documents and Settings\Mr_GT\Bureau\HiJackThis\backups\backup-20071130-182041-175.dll
découvert : logiciel publicitaire not-a-virus:AdWare.Win32.BHO.mz Le fichier: C:\Documents and Settings\Mr_GT\Bureau\HiJackThis\backups\backup-20071130-182117-589.dll
découvert : logiciel publicitaire not-a-virus:AdWare.Win32.Agent.wf Le fichier: C:\Documents and Settings\Mr_GT\Local Settings\Temp\cml62.tmp//PE_Patch.PECompact//PecBundle//PECompact
découvert : logiciel publicitaire not-a-virus:AdWare.Win32.BHO.mz Le fichier: C:\qoobox\Quarantine\C\WINDOWS\system32\9061.dll.vir
découvert : logiciel publicitaire not-a-virus:AdWare.Win32.WSearch.ae Le fichier: C:\qoobox\Quarantine\C\WINDOWS\system32\9061.dlltmp.vir
supprimé : logiciel publicitaire not-a-virus:AdWare.Win32.BHO.mz Le fichier: C:\WINDOWS\2f31.exe
découvert : cheval de Troie Trojan.Win32.BHO.abk Le fichier: C:\WINDOWS\f3501.txt
découvert : cheval de Troie Trojan-Downloader.Win32.Agent.fof Le fichier: C:\WINDOWS\Downloaded Program Files\cscqz.dll
découvert : cheval de Troie Trojan-Downloader.Win32.Agent.foe Le fichier: C:\WINDOWS\Downloaded Program Files\ea3.dll
découvert : cheval de Troie Trojan-Downloader.Win32.Agent.foe Le fichier: C:\WINDOWS\Downloaded Program Files\hjbn5ezq.dll
découvert : cheval de Troie Trojan-Downloader.Win32.Agent.foe Le fichier: C:\WINDOWS\Downloaded Program Files\lqraqcje.dll
découvert : logiciel publicitaire not-a-virus:AdWare.Win32.Agent.wf Le fichier: C:\WINDOWS\Downloaded Program Files\oaac0pol.dll//PE_Patch.PECompact//PecBundle//PECompact
découvert : cheval de Troie Trojan-Downloader.Win32.Agent.foe Le fichier: C:\WINDOWS\Downloaded Program Files\s5uwz8.dll
découvert : cheval de Troie Trojan-Downloader.Win32.Agent.foe Le fichier: C:\WINDOWS\Downloaded Program Files\y3jd5p.dll
Re,
Download OTMoveIt (by OldTimer). Save it to your Desktop.
Select all the paths in the box below:
C:\Documents and Settings\Mr_GT\Bureau\HiJackThis\backups
C:\qoobox\Quarantine
C:\WINDOWS\2f31.exe
C:\WINDOWS\f3501.txt
C:\WINDOWS\Downloaded Program Files\cscqz.dll
C:\WINDOWS\Downloaded Program Files\ea3.dll
C:\WINDOWS\Downloaded Program Files\hjbn5ezq.dll
C:\WINDOWS\Downloaded Program Files\lqraqcje.dll
C:\WINDOWS\Downloaded Program Files\s5uwz8.dll
C:\WINDOWS\Downloaded Program Files\y3jd5p.dll
---> Right-click then Copy (or Ctrl+C)
Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand box and choose Paste (or Ctrl+V).
Now click MoveIt!
If a file or folder cannot be removed immediately, the program will ask you to reboot.
Accept by clicking YES.
Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to its creation time: date_heure.log
->Information about the program<-
Folder move failed. C:\Documents and Settings\Mr_GT\Bureau\HiJackThis\backups\backup-20071201-131647-451 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Mr_GT\Bureau\HiJackThis\backups\backup-20071130-182117-589 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Mr_GT\Bureau\HiJackThis\backups\backup-20071130-182041-175 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Mr_GT\Bureau\HiJackThis\backups\backup-20071130-181941-624 scheduled to be moved on reboot.
C:\Documents and Settings\Mr_GT\Bureau\HiJackThis\backups moved successfully.
C:\qoobox\Quarantine\Registry_backups moved successfully.
C:\qoobox\Quarantine\C\WINDOWS\Temp moved successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers moved successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32 moved successfully.
C:\qoobox\Quarantine\C\WINDOWS moved successfully.
C:\qoobox\Quarantine\C\Program Files\Fichiers communs\CPUSH moved successfully.
C:\qoobox\Quarantine\C\Program Files\Fichiers communs moved successfully.
C:\qoobox\Quarantine\C\Program Files moved successfully.
C:\qoobox\Quarantine\C\Documents and Settings\Mr_GT\Favoris moved successfully.
C:\qoobox\Quarantine\C\Documents and Settings\Mr_GT moved successfully.
C:\qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\TD moved successfully.
C:\qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\t moved successfully.
C:\qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\PCTools moved successfully.
C:\qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft moved successfully.
C:\qoobox\Quarantine\C\Documents and Settings\All Users\Application Data moved successfully.
C:\qoobox\Quarantine\C\Documents and Settings\All Users moved successfully.
C:\qoobox\Quarantine\C\Documents and Settings moved successfully.
C:\qoobox\Quarantine\C moved successfully.
C:\qoobox\Quarantine moved successfully.
File/Folder C:\WINDOWS\2f31.exe not found.
File/Folder C:\WINDOWS\f3501.txt not found.
File/Folder C:\WINDOWS\Downloaded Program Files\cscqz.dll not found.
File/Folder C:\WINDOWS\Downloaded Program Files\ea3.dll not found.
File/Folder C:\WINDOWS\Downloaded Program Files\hjbn5ezq.dll not found.
File/Folder C:\WINDOWS\Downloaded Program Files\lqraqcje.dll not found.
File/Folder C:\WINDOWS\Downloaded Program Files\s5uwz8.dll not found.
File/Folder C:\WINDOWS\Downloaded Program Files\y3jd5p.dll not found.
Created on 12/08/2007 19:44:16