Internet pop-up ads (Cid), virus caught via MSN [Solved]
Last reply: in Security
Hello,
I have a problem with internet ads that open on their own; I think it is Cid.
If anyone can help, thank you.
PS: in case it helps, I have OTMoveIt, HijackThis and CCleaner.
Hello,
Download Lop S&D.exe to your Desktop.
Double-click it to start the installation.
Then double-click the Lop S&D shortcut on your Desktop.
Select the language you want, then choose option 1 (Search).
Wait until the scan finishes.
Post the generated report (C:\lopR.txt).
(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm.)
Here is the report:
-----------------------------[ Lop S&D 2.0.8 ]---------------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER: POULLY ] [ "C:\Program Files\Lop SD" ]
[ 21/01/2008 | 13:39:13.00 ] [ YANNICK ]
[ MAJ : 21-01-2008 | 13.15 ]
-------------[ Listing des dossiers dans Application Data ]------------
[30/07/2007|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[30/07/2007|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
[30/07/2007|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
[10/04/2007|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[22/03/2007|19:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
[11/02/2007|18:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[06/10/2006|15:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[06/10/2006|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[22/09/2006|14:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[21/09/2006|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[21/09/2006|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[30/06/2006|09:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[14/02/2006|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[25/01/2006|19:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[25/01/2006|14:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[25/01/2006|14:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[25/01/2006|14:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[25/01/2006|14:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
[25/01/2006|14:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
[30/09/2006|16:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[25/01/2006|14:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
[25/01/2006|14:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
[25/01/2006|14:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
[25/01/2006|14:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
[25/01/2006|14:48] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[21/01/2008|13:37] C:\DOCUME~1\POULLY\APPLIC~1\OpenOffice.org2
[14/01/2008|14:08] C:\DOCUME~1\POULLY\APPLIC~1\mIRC
[01/01/2008|14:59] C:\DOCUME~1\POULLY\APPLIC~1\LimeWire
[26/12/2007|15:45] C:\DOCUME~1\POULLY\APPLIC~1\..
[26/12/2007|15:45] C:\DOCUME~1\POULLY\APPLIC~1\.
[01/04/2007|20:49] C:\DOCUME~1\POULLY\APPLIC~1\Microsoft
[12/02/2007|19:36] C:\DOCUME~1\POULLY\APPLIC~1\Ahead
[22/01/2007|23:53] C:\DOCUME~1\POULLY\APPLIC~1\vlc
[29/10/2006|23:19] C:\DOCUME~1\POULLY\APPLIC~1\Real
[06/10/2006|15:57] C:\DOCUME~1\POULLY\APPLIC~1\Media Player Classic
[21/09/2006|14:03] C:\DOCUME~1\POULLY\APPLIC~1\PC Suite
[15/05/2006|19:15] C:\DOCUME~1\POULLY\APPLIC~1\Sun
[27/02/2006|18:57] C:\DOCUME~1\POULLY\APPLIC~1\Help
[07/02/2006|13:23] C:\DOCUME~1\POULLY\APPLIC~1\AdobeUM
[07/02/2006|13:22] C:\DOCUME~1\POULLY\APPLIC~1\Adobe
[25/01/2006|20:53] C:\DOCUME~1\POULLY\APPLIC~1\Macromedia
[25/01/2006|19:38] C:\DOCUME~1\POULLY\APPLIC~1\Lavasoft
[25/01/2006|14:54] C:\DOCUME~1\POULLY\APPLIC~1\Identities
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[21/01/2008 12:00][--ah-----] C:\WINDOWS\tasks\A8684309916FFBA9.job
[21/01/2008 13:37][--ah-----] C:\WINDOWS\tasks\SA.DAT
[30/08/2002 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[21/01/2008|13:39] C:\Program Files\Lop SD
[21/01/2008|13:33] C:\Program Files\..
[21/01/2008|13:33] C:\Program Files\.
[21/01/2008|12:00] C:\Program Files\Helper
[17/01/2008|21:47] C:\Program Files\Temporary
[17/01/2008|19:15] C:\Program Files\Dot1XCfg
[16/01/2008|22:00] C:\Program Files\eChanblard
[09/01/2008|16:31] C:\Program Files\eMule
[21/12/2007|16:27] C:\Program Files\Messenger Plus! Live
[21/12/2007|16:27] C:\Program Files\MSN Messenger
[11/12/2007|23:47] C:\Program Files\Internet Explorer
[19/11/2007|18:42] C:\Program Files\flashget196en.exe
[12/11/2007|18:51] C:\Program Files\LimeWire
[12/11/2007|18:22] C:\Program Files\LimeWireWin.exe
[15/10/2007|14:34] C:\Program Files\Java
[09/10/2007|15:39] C:\Program Files\MSN plus
[09/10/2007|15:39] C:\Program Files\Multimedia V3.54
[03/10/2007|16:17] C:\Program Files\eMule0.48a-Installer.exe
[26/09/2007|14:27] C:\Program Files\MSN Reaper
[02/09/2007|21:06] C:\Program Files\eChanblard.exe
[14/06/2007|21:13] C:\Program Files\Windows Live
[12/06/2007|22:34] C:\Program Files\Outlook Express
[08/05/2007|12:23] C:\Program Files\WinRAR
[08/04/2007|16:57] C:\Program Files\CCleaner
[02/04/2007|23:26] C:\Program Files\Grisoft
[01/04/2007|10:43] C:\Program Files\PC Camera
[22/03/2007|23:54] C:\Program Files\BitComet
[07/03/2007|18:19] C:\Program Files\Free
[07/03/2007|16:42] C:\Program Files\Fichiers communs
[07/03/2007|16:18] C:\Program Files\NETGEAR
[07/03/2007|16:18] C:\Program Files\NETGEAR(2)
[22/01/2007|21:42] C:\Program Files\VideoLAN
[09/11/2006|18:14] C:\Program Files\Windows Media Player
[09/11/2006|18:05] C:\Program Files\Windows Media Connect 2
[09/11/2006|17:41] C:\Program Files\windows media player 11
[09/11/2006|17:28] C:\Program Files\Windows NT
[06/10/2006|15:40] C:\Program Files\K-Lite Codec Pack
[23/09/2006|15:55] C:\Program Files\Jeux téléchargé
[22/09/2006|15:02] C:\Program Files\Boonty
[22/09/2006|15:02] C:\Program Files\BoontyGames
[22/09/2006|14:51] C:\Program Files\Mes Jeux Téléchargés
[21/09/2006|19:47] C:\Program Files\DIFX
[11/04/2006|20:36] C:\Program Files\Bearshare
[22/03/2006|18:55] C:\Program Files\JEUX MONOPOLY
[09/02/2006|15:37] C:\Program Files\essai convertisseur
[04/02/2006|14:28] C:\Program Files\Oxilog
[04/02/2006|12:04] C:\Program Files\C-Media 3D Audio
[02/02/2006|16:29] C:\Program Files\InstallShield Installation Information
[28/01/2006|14:33] C:\Program Files\SigmaTel
[25/01/2006|21:09] C:\Program Files\Messenger
[25/01/2006|19:37] C:\Program Files\Lavasoft
[25/01/2006|19:37] C:\Program Files\PowerArchiver
[25/01/2006|19:36] C:\Program Files\Adobe
[25/01/2006|19:33] C:\Program Files\OpenOffice.org 2.0
[25/01/2006|19:30] C:\Program Files\Alwil Software
[25/01/2006|16:32] C:\Program Files\Ahead
[25/01/2006|16:16] C:\Program Files\Movie Maker
[25/01/2006|16:13] C:\Program Files\NetMeeting
[25/01/2006|15:56] C:\Program Files\SiSLan
[25/01/2006|14:54] C:\Program Files\Uninstall Information
[25/01/2006|14:49] C:\Program Files\xerox
[25/01/2006|14:49] C:\Program Files\microsoft frontpage
[25/01/2006|14:47] C:\Program Files\Services en ligne
[25/01/2006|14:44] C:\Program Files\ComPlus Applications
[25/01/2006|14:44] C:\Program Files\WindowsUpdate
[25/01/2006|14:44] C:\Program Files\MSN Gaming Zone
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[12/06/2007|22:34] C:\Program Files\Fichiers communs\System
[01/04/2007|19:22] C:\Program Files\Fichiers communs\Microsoft Shared
[07/03/2007|16:42] C:\Program Files\Fichiers communs\..
[07/03/2007|16:42] C:\Program Files\Fichiers communs\.
[12/02/2007|19:31] C:\Program Files\Fichiers communs\Nero
[12/02/2007|19:30] C:\Program Files\Fichiers communs\LightScribe
[22/09/2006|14:52] C:\Program Files\Fichiers communs\Macrovision Shared
[10/05/2006|19:48] C:\Program Files\Fichiers communs\Java
[09/02/2006|15:37] C:\Program Files\Fichiers communs\MimarSinan
[07/02/2006|13:22] C:\Program Files\Fichiers communs\Adobe
[02/02/2006|16:29] C:\Program Files\Fichiers communs\InstallShield
[25/01/2006|16:29] C:\Program Files\Fichiers communs\Ahead
[25/01/2006|14:46] C:\Program Files\Fichiers communs\Services
[25/01/2006|14:46] C:\Program Files\Fichiers communs\MSSoap
[25/01/2006|14:37] C:\Program Files\Fichiers communs\ODBC
[25/01/2006|14:37] C:\Program Files\Fichiers communs\SpeechEngines
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\WINDOWS\Tasks\A8684309916FFBA9.job
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts MODIFIE
127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 13:41:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
Aucune autre infection trouvée !
/!\ [Fich:1826][Doss:896] C:\DOCUME~1\POULLY\LOCALS~1\Temp
/!\ [Fich:17112][Doss:28] C:\DOCUME~1\POULLY\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 13:43:15.17 ]----------------------
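An added example, not from this thread or from the Lop S&D tool: a parser for a Lop S&D report in the layout posted above that pulls out the items the helper acts on, the hosts-file status and the non-default entries tagged "## added by CiD", the task file listed under "Recherche de Fichiers / Dossiers Lop", and the Catchme hidden-file count. The report text is a constructed, abridged sample in the same format; the section names are taken from the report and the function names are my own.

```python
import re
from dataclasses import dataclass

# Constructed, abridged sample in the Lop S&D 2.0.8 layout (not the full log).
SAMPLE_REPORT = r"""-----------------------------[ Lop S&D 2.0.8 ]---------------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[21/01/2008 12:00][--ah-----] C:\WINDOWS\tasks\A8684309916FFBA9.job
[21/01/2008 13:37][--ah-----] C:\WINDOWS\tasks\SA.DAT
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\WINDOWS\Tasks\A8684309916FFBA9.job
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts MODIFIE
127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
Aucune autre infection trouvée !
"""

# Constructed sample of the post-cleanup state (compare the "PROPRE" report later in the thread).
CLEAN_REPORT = r"""-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
Aucun fichier / dossier Lop trouvé !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
"""

BANNER = re.compile(r"^-+\[ (?P<name>.+?) \]-+$")
HOSTS_LINE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)(?:\s+##\s*(?P<note>.*))?$"
)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


@dataclass(frozen=True)
class HostsEntry:
    ip: str
    host: str
    note: str  # text after "##" (e.g. "added by CiD"); empty when absent

    @property
    def is_default(self) -> bool:
        # The only line a stock Windows XP hosts file carries.
        return self.ip == "127.0.0.1" and self.host == "localhost"


def split_sections(report: str) -> dict[str, list[str]]:
    """Group report lines under the '----[ name ]----' banner that precedes them."""
    sections: dict[str, list[str]] = {}
    current = "header"
    for raw in report.splitlines():
        line = raw.rstrip()
        m = BANNER.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def parse_hosts(lines: list[str]) -> tuple[str, list[HostsEntry]]:
    """Return the tool's verdict (MODIFIE / PROPRE) and every hosts line it echoed."""
    status, entries = "UNKNOWN", []
    for line in lines:
        if line.startswith("Fichier Hosts"):
            status = line.split()[-1]
            continue
        m = HOSTS_LINE.match(line)
        if m:
            entries.append(HostsEntry(m["ip"], m["host"], (m["note"] or "").strip()))
    return status, entries


def hidden_file_count(lines: list[str]):
    for line in lines:
        m = re.match(r"^hidden files:\s*(\d+)", line)
        if m:
            return int(m.group(1))
    return None  # section absent or Catchme did not run


def analyse(report: str) -> dict:
    """Summarise what a helper would act on in a Lop S&D report."""
    s = split_sections(report)
    status, entries = parse_hosts(s.get("Verification du fichier Hosts", []))
    foreign = [e for e in entries if not e.is_default]
    hits = [l for l in s.get("Recherche de Fichiers / Dossiers Lop", []) if DRIVE_PATH.match(l)]
    return {
        "hosts_status": status,
        "hosts_foreign_entries": len(foreign),
        "hosts_tagged_entries": sum(1 for e in foreign if e.note),
        # Registered-domain view of the added hostnames: one line per rogue product.
        "hosts_domains": sorted({".".join(e.host.split(".")[-2:]) for e in foreign}),
        "lop_hits": hits,
        "hidden_files": hidden_file_count(s.get("Recherche de fichiers avec Catchme", [])),
        "needs_cleanup": status == "MODIFIE" or bool(hits),
    }


if __name__ == "__main__":
    for name, text in (("before", SAMPLE_REPORT), ("after", CLEAN_REPORT)):
        print(name, analyse(text))
```

"needs_cleanup" is what maps to the helper's "Option 2 (Suppression)" step: a restored hosts file and an empty Lop section flip it back to False, as the second report in this thread does.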
Re,
Run Lop S&D again.
This time choose Option 2 (Removal).
Do not close the window during the removal!
Post the generated report (C:\lopR.txt).
(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm.)
&
Download and install HijackThis (Trend Micro).
Then post a log in your next reply.
HELP: How to use HijackThis v2.0.2
Re,
Here is the Lop report:
-----------------------------[ Lop S&D 2.0.8 ]---------------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER: POULLY ] [ "C:\Program Files\Lop SD" ]
[ 21/01/2008 | 14:17:31.76 ] [ YANNICK ]
[ MAJ : 21-01-2008 | 13.15 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////
Supprimé! - C:\WINDOWS\Tasks\A8684309916FFBA9.job
Restauré! - Fichier Hosts
//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
-------------[ Listing des dossiers dans Application Data ]------------
[30/07/2007|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[30/07/2007|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
[30/07/2007|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
[10/04/2007|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[22/03/2007|19:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
[11/02/2007|18:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[06/10/2006|15:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[06/10/2006|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[22/09/2006|14:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[21/09/2006|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[21/09/2006|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[30/06/2006|09:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[14/02/2006|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[25/01/2006|19:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[25/01/2006|14:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[25/01/2006|14:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[25/01/2006|14:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[25/01/2006|14:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
[25/01/2006|14:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
[30/09/2006|16:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[25/01/2006|14:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
[25/01/2006|14:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
[25/01/2006|14:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
[25/01/2006|14:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
[25/01/2006|14:48] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[21/01/2008|13:48] C:\DOCUME~1\POULLY\APPLIC~1\OpenOffice.org2
[14/01/2008|14:08] C:\DOCUME~1\POULLY\APPLIC~1\mIRC
[01/01/2008|14:59] C:\DOCUME~1\POULLY\APPLIC~1\LimeWire
[26/12/2007|15:45] C:\DOCUME~1\POULLY\APPLIC~1\..
[26/12/2007|15:45] C:\DOCUME~1\POULLY\APPLIC~1\.
[01/04/2007|20:49] C:\DOCUME~1\POULLY\APPLIC~1\Microsoft
[12/02/2007|19:36] C:\DOCUME~1\POULLY\APPLIC~1\Ahead
[22/01/2007|23:53] C:\DOCUME~1\POULLY\APPLIC~1\vlc
[29/10/2006|23:19] C:\DOCUME~1\POULLY\APPLIC~1\Real
[06/10/2006|15:57] C:\DOCUME~1\POULLY\APPLIC~1\Media Player Classic
[21/09/2006|14:03] C:\DOCUME~1\POULLY\APPLIC~1\PC Suite
[15/05/2006|19:15] C:\DOCUME~1\POULLY\APPLIC~1\Sun
[27/02/2006|18:57] C:\DOCUME~1\POULLY\APPLIC~1\Help
[07/02/2006|13:23] C:\DOCUME~1\POULLY\APPLIC~1\AdobeUM
[07/02/2006|13:22] C:\DOCUME~1\POULLY\APPLIC~1\Adobe
[25/01/2006|20:53] C:\DOCUME~1\POULLY\APPLIC~1\Macromedia
[25/01/2006|19:38] C:\DOCUME~1\POULLY\APPLIC~1\Lavasoft
[25/01/2006|14:54] C:\DOCUME~1\POULLY\APPLIC~1\Identities
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[21/01/2008 13:47][--ah-----] C:\WINDOWS\tasks\SA.DAT
[30/08/2002 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[21/01/2008|14:17] C:\Program Files\Lop SD
[21/01/2008|13:33] C:\Program Files\..
[21/01/2008|13:33] C:\Program Files\.
[21/01/2008|12:00] C:\Program Files\Helper
[17/01/2008|21:47] C:\Program Files\Temporary
[17/01/2008|19:15] C:\Program Files\Dot1XCfg
[16/01/2008|22:00] C:\Program Files\eChanblard
[09/01/2008|16:31] C:\Program Files\eMule
[21/12/2007|16:27] C:\Program Files\Messenger Plus! Live
[21/12/2007|16:27] C:\Program Files\MSN Messenger
[11/12/2007|23:47] C:\Program Files\Internet Explorer
[19/11/2007|18:42] C:\Program Files\flashget196en.exe
[12/11/2007|18:51] C:\Program Files\LimeWire
[12/11/2007|18:22] C:\Program Files\LimeWireWin.exe
[15/10/2007|14:34] C:\Program Files\Java
[09/10/2007|15:39] C:\Program Files\MSN plus
[09/10/2007|15:39] C:\Program Files\Multimedia V3.54
[03/10/2007|16:17] C:\Program Files\eMule0.48a-Installer.exe
[26/09/2007|14:27] C:\Program Files\MSN Reaper
[02/09/2007|21:06] C:\Program Files\eChanblard.exe
[14/06/2007|21:13] C:\Program Files\Windows Live
[12/06/2007|22:34] C:\Program Files\Outlook Express
[08/05/2007|12:23] C:\Program Files\WinRAR
[08/04/2007|16:57] C:\Program Files\CCleaner
[02/04/2007|23:26] C:\Program Files\Grisoft
[01/04/2007|10:43] C:\Program Files\PC Camera
[22/03/2007|23:54] C:\Program Files\BitComet
[07/03/2007|18:19] C:\Program Files\Free
[07/03/2007|16:42] C:\Program Files\Fichiers communs
[07/03/2007|16:18] C:\Program Files\NETGEAR
[07/03/2007|16:18] C:\Program Files\NETGEAR(2)
[22/01/2007|21:42] C:\Program Files\VideoLAN
[09/11/2006|18:14] C:\Program Files\Windows Media Player
[09/11/2006|18:05] C:\Program Files\Windows Media Connect 2
[09/11/2006|17:41] C:\Program Files\windows media player 11
[09/11/2006|17:28] C:\Program Files\Windows NT
[06/10/2006|15:40] C:\Program Files\K-Lite Codec Pack
[23/09/2006|15:55] C:\Program Files\Jeux téléchargé
[22/09/2006|15:02] C:\Program Files\Boonty
[22/09/2006|15:02] C:\Program Files\BoontyGames
[22/09/2006|14:51] C:\Program Files\Mes Jeux Téléchargés
[21/09/2006|19:47] C:\Program Files\DIFX
[11/04/2006|20:36] C:\Program Files\Bearshare
[22/03/2006|18:55] C:\Program Files\JEUX MONOPOLY
[09/02/2006|15:37] C:\Program Files\essai convertisseur
[04/02/2006|14:28] C:\Program Files\Oxilog
[04/02/2006|12:04] C:\Program Files\C-Media 3D Audio
[02/02/2006|16:29] C:\Program Files\InstallShield Installation Information
[28/01/2006|14:33] C:\Program Files\SigmaTel
[25/01/2006|21:09] C:\Program Files\Messenger
[25/01/2006|19:37] C:\Program Files\Lavasoft
[25/01/2006|19:37] C:\Program Files\PowerArchiver
[25/01/2006|19:36] C:\Program Files\Adobe
[25/01/2006|19:33] C:\Program Files\OpenOffice.org 2.0
[25/01/2006|19:30] C:\Program Files\Alwil Software
[25/01/2006|16:32] C:\Program Files\Ahead
[25/01/2006|16:16] C:\Program Files\Movie Maker
[25/01/2006|16:13] C:\Program Files\NetMeeting
[25/01/2006|15:56] C:\Program Files\SiSLan
[25/01/2006|14:54] C:\Program Files\Uninstall Information
[25/01/2006|14:49] C:\Program Files\xerox
[25/01/2006|14:49] C:\Program Files\microsoft frontpage
[25/01/2006|14:47] C:\Program Files\Services en ligne
[25/01/2006|14:44] C:\Program Files\ComPlus Applications
[25/01/2006|14:44] C:\Program Files\WindowsUpdate
[25/01/2006|14:44] C:\Program Files\MSN Gaming Zone
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[12/06/2007|22:34] C:\Program Files\Fichiers communs\System
[01/04/2007|19:22] C:\Program Files\Fichiers communs\Microsoft Shared
[07/03/2007|16:42] C:\Program Files\Fichiers communs\..
[07/03/2007|16:42] C:\Program Files\Fichiers communs\.
[12/02/2007|19:31] C:\Program Files\Fichiers communs\Nero
[12/02/2007|19:30] C:\Program Files\Fichiers communs\LightScribe
[22/09/2006|14:52] C:\Program Files\Fichiers communs\Macrovision Shared
[10/05/2006|19:48] C:\Program Files\Fichiers communs\Java
[09/02/2006|15:37] C:\Program Files\Fichiers communs\MimarSinan
[07/02/2006|13:22] C:\Program Files\Fichiers communs\Adobe
[02/02/2006|16:29] C:\Program Files\Fichiers communs\InstallShield
[25/01/2006|16:29] C:\Program Files\Fichiers communs\Ahead
[25/01/2006|14:46] C:\Program Files\Fichiers communs\Services
[25/01/2006|14:46] C:\Program Files\Fichiers communs\MSSoap
[25/01/2006|14:37] C:\Program Files\Fichiers communs\ODBC
[25/01/2006|14:37] C:\Program Files\Fichiers communs\SpeechEngines
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
Aucun fichier / dossier Lop trouvé !
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 14:20:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
Aucune autre infection trouvée !
/!\ [Fich:1830][Doss:898] C:\DOCUME~1\POULLY\LOCALS~1\Temp
/!\ [Fich:17361][Doss:28] C:\DOCUME~1\POULLY\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 14:23:03.18 ]----------------------
Here is the Lop report:
-----------------------------[ Lop S&D 2.0.8 ]---------------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER: POULLY ] [ "C:\Program Files\Lop SD" ]
[ 21/01/2008 | 14:17:31.76 ] [ YANNICK ]
[ MAJ : 21-01-2008 | 13.15 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////
Supprimé! - C:\WINDOWS\Tasks\A8684309916FFBA9.job
Restauré! - Fichier Hosts
//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
-------------[ Listing des dossiers dans Application Data ]------------
[30/07/2007|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[30/07/2007|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
[30/07/2007|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
[10/04/2007|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[22/03/2007|19:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
[11/02/2007|18:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[06/10/2006|15:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[06/10/2006|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[22/09/2006|14:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[21/09/2006|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[21/09/2006|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[30/06/2006|09:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[14/02/2006|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[25/01/2006|19:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[25/01/2006|14:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[25/01/2006|14:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[25/01/2006|14:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[25/01/2006|14:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
[25/01/2006|14:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
[30/09/2006|16:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[25/01/2006|14:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
[25/01/2006|14:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
[25/01/2006|14:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
[25/01/2006|14:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
[25/01/2006|14:48] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[21/01/2008|13:48] C:\DOCUME~1\POULLY\APPLIC~1\OpenOffice.org2
[14/01/2008|14:08] C:\DOCUME~1\POULLY\APPLIC~1\mIRC
[01/01/2008|14:59] C:\DOCUME~1\POULLY\APPLIC~1\LimeWire
[26/12/2007|15:45] C:\DOCUME~1\POULLY\APPLIC~1\..
[26/12/2007|15:45] C:\DOCUME~1\POULLY\APPLIC~1\.
[01/04/2007|20:49] C:\DOCUME~1\POULLY\APPLIC~1\Microsoft
[12/02/2007|19:36] C:\DOCUME~1\POULLY\APPLIC~1\Ahead
[22/01/2007|23:53] C:\DOCUME~1\POULLY\APPLIC~1\vlc
[29/10/2006|23:19] C:\DOCUME~1\POULLY\APPLIC~1\Real
[06/10/2006|15:57] C:\DOCUME~1\POULLY\APPLIC~1\Media Player Classic
[21/09/2006|14:03] C:\DOCUME~1\POULLY\APPLIC~1\PC Suite
[15/05/2006|19:15] C:\DOCUME~1\POULLY\APPLIC~1\Sun
[27/02/2006|18:57] C:\DOCUME~1\POULLY\APPLIC~1\Help
[07/02/2006|13:23] C:\DOCUME~1\POULLY\APPLIC~1\AdobeUM
[07/02/2006|13:22] C:\DOCUME~1\POULLY\APPLIC~1\Adobe
[25/01/2006|20:53] C:\DOCUME~1\POULLY\APPLIC~1\Macromedia
[25/01/2006|19:38] C:\DOCUME~1\POULLY\APPLIC~1\Lavasoft
[25/01/2006|14:54] C:\DOCUME~1\POULLY\APPLIC~1\Identities
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[21/01/2008 13:47][--ah-----] C:\WINDOWS\tasks\SA.DAT
[30/08/2002 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[21/01/2008|14:17] C:\Program Files\Lop SD
[21/01/2008|13:33] C:\Program Files\..
[21/01/2008|13:33] C:\Program Files\.
[21/01/2008|12:00] C:\Program Files\Helper
[17/01/2008|21:47] C:\Program Files\Temporary
[17/01/2008|19:15] C:\Program Files\Dot1XCfg
[16/01/2008|22:00] C:\Program Files\eChanblard
[09/01/2008|16:31] C:\Program Files\eMule
[21/12/2007|16:27] C:\Program Files\Messenger Plus! Live
[21/12/2007|16:27] C:\Program Files\MSN Messenger
[11/12/2007|23:47] C:\Program Files\Internet Explorer
[19/11/2007|18:42] C:\Program Files\flashget196en.exe
[12/11/2007|18:51] C:\Program Files\LimeWire
[12/11/2007|18:22] C:\Program Files\LimeWireWin.exe
[15/10/2007|14:34] C:\Program Files\Java
[09/10/2007|15:39] C:\Program Files\MSN plus
[09/10/2007|15:39] C:\Program Files\Multimedia V3.54
[03/10/2007|16:17] C:\Program Files\eMule0.48a-Installer.exe
[26/09/2007|14:27] C:\Program Files\MSN Reaper
[02/09/2007|21:06] C:\Program Files\eChanblard.exe
[14/06/2007|21:13] C:\Program Files\Windows Live
[12/06/2007|22:34] C:\Program Files\Outlook Express
[08/05/2007|12:23] C:\Program Files\WinRAR
[08/04/2007|16:57] C:\Program Files\CCleaner
[02/04/2007|23:26] C:\Program Files\Grisoft
[01/04/2007|10:43] C:\Program Files\PC Camera
[22/03/2007|23:54] C:\Program Files\BitComet
[07/03/2007|18:19] C:\Program Files\Free
[07/03/2007|16:42] C:\Program Files\Fichiers communs
[07/03/2007|16:18] C:\Program Files\NETGEAR
[07/03/2007|16:18] C:\Program Files\NETGEAR(2)
[22/01/2007|21:42] C:\Program Files\VideoLAN
[09/11/2006|18:14] C:\Program Files\Windows Media Player
[09/11/2006|18:05] C:\Program Files\Windows Media Connect 2
[09/11/2006|17:41] C:\Program Files\windows media player 11
[09/11/2006|17:28] C:\Program Files\Windows NT
[06/10/2006|15:40] C:\Program Files\K-Lite Codec Pack
[23/09/2006|15:55] C:\Program Files\Jeux téléchargé
[22/09/2006|15:02] C:\Program Files\Boonty
[22/09/2006|15:02] C:\Program Files\BoontyGames
[22/09/2006|14:51] C:\Program Files\Mes Jeux Téléchargés
[21/09/2006|19:47] C:\Program Files\DIFX
[11/04/2006|20:36] C:\Program Files\Bearshare
[22/03/2006|18:55] C:\Program Files\JEUX MONOPOLY
[09/02/2006|15:37] C:\Program Files\essai convertisseur
[04/02/2006|14:28] C:\Program Files\Oxilog
[04/02/2006|12:04] C:\Program Files\C-Media 3D Audio
[02/02/2006|16:29] C:\Program Files\InstallShield Installation Information
[28/01/2006|14:33] C:\Program Files\SigmaTel
[25/01/2006|21:09] C:\Program Files\Messenger
[25/01/2006|19:37] C:\Program Files\Lavasoft
[25/01/2006|19:37] C:\Program Files\PowerArchiver
[25/01/2006|19:36] C:\Program Files\Adobe
[25/01/2006|19:33] C:\Program Files\OpenOffice.org 2.0
[25/01/2006|19:30] C:\Program Files\Alwil Software
[25/01/2006|16:32] C:\Program Files\Ahead
[25/01/2006|16:16] C:\Program Files\Movie Maker
[25/01/2006|16:13] C:\Program Files\NetMeeting
[25/01/2006|15:56] C:\Program Files\SiSLan
[25/01/2006|14:54] C:\Program Files\Uninstall Information
[25/01/2006|14:49] C:\Program Files\xerox
[25/01/2006|14:49] C:\Program Files\microsoft frontpage
[25/01/2006|14:47] C:\Program Files\Services en ligne
[25/01/2006|14:44] C:\Program Files\ComPlus Applications
[25/01/2006|14:44] C:\Program Files\WindowsUpdate
[25/01/2006|14:44] C:\Program Files\MSN Gaming Zone
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[12/06/2007|22:34] C:\Program Files\Fichiers communs\System
[01/04/2007|19:22] C:\Program Files\Fichiers communs\Microsoft Shared
[07/03/2007|16:42] C:\Program Files\Fichiers communs\..
[07/03/2007|16:42] C:\Program Files\Fichiers communs\.
[12/02/2007|19:31] C:\Program Files\Fichiers communs\Nero
[12/02/2007|19:30] C:\Program Files\Fichiers communs\LightScribe
[22/09/2006|14:52] C:\Program Files\Fichiers communs\Macrovision Shared
[10/05/2006|19:48] C:\Program Files\Fichiers communs\Java
[09/02/2006|15:37] C:\Program Files\Fichiers communs\MimarSinan
[07/02/2006|13:22] C:\Program Files\Fichiers communs\Adobe
[02/02/2006|16:29] C:\Program Files\Fichiers communs\InstallShield
[25/01/2006|16:29] C:\Program Files\Fichiers communs\Ahead
[25/01/2006|14:46] C:\Program Files\Fichiers communs\Services
[25/01/2006|14:46] C:\Program Files\Fichiers communs\MSSoap
[25/01/2006|14:37] C:\Program Files\Fichiers communs\ODBC
[25/01/2006|14:37] C:\Program Files\Fichiers communs\SpeechEngines
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
Aucun fichier / dossier Lop trouvé !
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 14:20:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
Aucune autre infection trouvée !
/!\ [Fich:1830][Doss:898] C:\DOCUME~1\POULLY\LOCALS~1\Temp
/!\ [Fich:17361][Doss:28] C:\DOCUME~1\POULLY\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 14:23:03.18 ]----------------------
Here is the HijackThis (v1.99.1) report:
Logfile of HijackThis v1.99.1
Scan saved at 14:30:58, on 21/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\keyhook.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\DOCUME~1\POULLY\LOCALS~1\Temp\services.exe
C:\WINDOWS\mrofinu1148.exe
C:\WINDOWS\system32\snrb2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\bhij.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\17PHolmes1148.exe
C:\WINDOWS\17PHolmes1148.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\POULLY\Mes documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socketa.dll (file missing)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\POULLY\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [Winupdates] snrb2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: rdihost - {C575CAAC-7286-4989-84B9-192F69D7A809} - rdihost.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe
Re,
Download MSNFix.zip (!aur3n7) to your Desktop.
Unzip it to your desktop (Right-click / Extract all).
Open the MSNFix folder, then double-click MSNFix.bat.
- Run option R.
-- If the infection is detected, press a key to start the cleanup.
If a deletion error is detected, a message will be displayed asking you to restart the computer to complete the operations.
In that case, simply restart the computer manually.
Post the report located in the MSNFix folder.
The report's name corresponds to the time it was created: date_heure.log
Re, here is the report:
MSNFix 1.639-2
C:\Documents and Settings\POULLY\Mes documents\MSNFix
Fix exécuté le 22/01/2008 - 23:22:05.50 By POULLY
mode normal
************************ Recherche les fichiers présents
... C:\Program Files\Dot1XCfg\Dot1XCfg.exe
... C:\?.exe
... C:\DOCUME~1\POULLY\LOCALS~1\Temp\*.dmp
... C:\DOCUME~1\POULLY\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\POULLY\LOCALS~1\Temp\services.exe
... C:\Documents and Settings\POULLY\??????.exe
... C:\WINDOWS\17PHolmes1148.exe
... C:\WINDOWS\avp.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\mrofinu*.exe.tmp
************************ Recherche les dossiers présents
... C:\Program Files\Dot1XCfg\
... C:\Program Files\Temporary\
************************ Suppression des fichiers
.. OK ... C:\Program Files\Dot1XCfg\Dot1XCfg.exe
.. OK ... C:\?.exe
.. OK ... C:\DOCUME~1\POULLY\LOCALS~1\Temp\*.dmp
.. OK ... C:\DOCUME~1\POULLY\LOCALS~1\Temp\services.exe
.. OK ... C:\DOCUME~1\POULLY\LOCALS~1\Temp\services.exe
/!\ ... C:\Documents and Settings\POULLY\??????.exe
.. OK ... C:\WINDOWS\17PHolmes1148.exe
.. OK ... C:\WINDOWS\avp.exe
.. OK ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp
************************ Suppression des dossiers
.. OK ... C:\Program Files\Dot1XCfg\
.. OK ... C:\Program Files\Temporary\
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\Documents and Settings\POULLY\??????.exe
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\cvbkwtb.exe] B5E168C0941A903BC5ABBCE5F8F31B0B
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 22012008_232439.71.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Re, here is a new report
Logfile of HijackThis v1.99.1
Scan saved at 22:47:41, on 24/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\keyhook.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\Documents and Settings\POULLY\Mes documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socketa.dll (file missing)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Winupdates] snrb2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
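A triage pass over the HijackThis log above, as an added example that is not part of the original thread and not HijackThis code. It feeds a handful of lines copied from the log (the UserInit line, three BHO lines, four Run entries and two process lines) through the checks a reviewer applies by hand: extra programs chained onto UserInit, Run targets that are bare filenames or sit at the drive root, BHOs whose file is missing, and executables with random-looking names. The trusted-directory list and the consonant-run test are assumptions of this example, not a published signature set.

```python
"""Triage of a HijackThis 1.99 log for the persistence patterns visible in this thread.

Added example, not HijackThis code and not part of the original post. The
heuristics (trusted directories, what counts as a random-looking name) are
this example's own assumptions, not a published signature set.
"""
import re

# Where a legitimate autostart on a default Windows XP install normally lives.
# Assumption of this example; adjust for non-C: installs or localized paths.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
VOWELS = set("aeiou")

# Sample input: lines copied from the log posted above (not invented),
# so the findings can be checked against the thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rxjddnvj.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socketa.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Winupdates] snrb2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe
"""

RUN_RE = re.compile(r"O4 - HK\w+\\\.\.\\Run: \[[^\]]*\] (.*)")
BHO_RE = re.compile(r"O2 - BHO: .*? - \{[0-9A-Fa-f-]+\} - (.*)")
PROC_RE = re.compile(r"[A-Za-z]:\\.*\.exe$", re.IGNORECASE)


def looks_random(stem: str) -> bool:
    """Crude 'machine-generated name' test: 7+ letters containing a run of 5+ consonants.
    Catches rxjddnvj and cvbkwtb from this thread; svchost (longest run 4) passes."""
    s = stem.lower()
    if not s.isalpha() or len(s) < 7:
        return False
    run = best = 0
    for ch in s:
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best >= 5


def stem_of(path: str) -> str:
    """File name without directory and without the last extension."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]


def location_issue(path: str):
    """Why the location of an autostart target deserves a look, or None if it is ordinary."""
    low = path.lower()
    if "\\" not in low:
        return "is a bare filename, resolved through the search path"
    if re.fullmatch(r"[a-z]:\\[^\\]+", low):
        return "sits at the drive root"
    if not low.startswith(TRUSTED_PREFIXES):
        return "is outside Windows / Program Files"
    return None


def first_token(command: str) -> str:
    """Executable part of a Run value: the quoted path if quoted, else the first token."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    return command.split()[0]


def triage(log_text: str):
    """Return (rule, evidence) pairs worth a human look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("F2 - REG:system.ini: UserInit="):
            # Anything chained after userinit.exe runs at every interactive logon.
            for entry in line.split("UserInit=", 1)[1].split(","):
                entry = entry.strip()
                if entry and stem_of(entry).lower() != "userinit":
                    findings.append(("UserInit hijack: extra program runs at every logon", entry))
        elif (m := RUN_RE.match(line)):
            target = first_token(m.group(1))
            if (issue := location_issue(target)):
                findings.append((f"Run key target {issue}", target))
            if looks_random(stem_of(target)):
                findings.append(("Run key target has a random-looking name", target))
        elif (m := BHO_RE.match(line)):
            path = m.group(1)
            if path.endswith("(file missing)"):
                findings.append(("BHO registered but file missing (orphan or hidden file)", path))
            elif (issue := location_issue(path)):
                findings.append((f"BHO DLL {issue}", path))
        elif PROC_RE.match(line) and looks_random(stem_of(line)):
            findings.append(("running process with a random-looking name", line))
    return findings


if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_LOG):
        print(f"{rule}: {evidence}")
```

Note what it misses: the `e404 helper` BHO at C:\Program Files\Helper\superfindout.dll passes the location check because it installed itself under Program Files, so the BHO list still needs a manual pass. The ComboFix run later in this thread also surfaces things a HijackThis log never lists (a keylogger directory with a keylog.txt, a driver registered under SafeBoot\Minimal, DisableTaskMgr=1 in the user policy), which is why the helper moved to that tool.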
Re,
Disable your resident protections (antivirus, Spybot...)!
Download Combofix (sUBs) to your Desktop.
Double-click combofix.exe to launch it.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.
Re,
Here is the report
ComboFix 08-01-23.1C - POULLY 2008-01-27 15:17:26.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.131 [GMT 1:00]
Location: C:\Documents and Settings\POULLY\Mes documents\ComboFix.exe
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\Helper
C:\Program Files\Helper\superfindout.dll
C:\Program Files\lsass.exe
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\spoolsv.exe
C:\Program Files\ucleaner_setup.exe
C:\Program Files\Ultimate Cleaner
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\b128.exe.bin
C:\WINDOWS\Casino.ico
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\5_exception.nls
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\adult.txt
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\finance.txt
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\other.txt
C:\WINDOWS\system32\pharma.txt
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CCEVTSVC
-------\LEGACY_MSUPDATE
-------\LEGACY_NTNDIS
-------\LEGACY_RUNTIME
-------\LEGACY_SMTPDRV
-------\ntndis
-------\runtime
-------\smtpdrv
((((((((((((((((((((((((((((( Files created from 2007-12-27 to 2008-01-27 ))))))))))))))))))))))))))))))))))))
.
2008-01-27 16:01 . 2008-01-27 16:01 <REP> d-------- C:\Program Files\p2pnetworks
2008-01-27 16:01 . 2008-01-27 16:01 <REP> d-------- C:\Program Files\e-zshopper
2008-01-27 16:01 . 2008-01-27 16:01 <REP> d-------- C:\Program Files\amsys
2008-01-27 16:01 . 2008-01-27 16:01 <REP> d-------- C:\Program Files\akl
2008-01-27 16:01 . 2008-01-27 16:01 <REP> d-------- C:\Program Files\Accoona
2008-01-27 16:00 . 2008-01-27 16:00 <REP> d-------- C:\Program Files\3721
2008-01-27 16:00 . 2008-01-27 16:00 32,512 --a------ C:\WINDOWS\764.exe
2008-01-27 16:00 . 2008-01-27 16:00 26,368 --a------ C:\WINDOWS\wml.exe
2008-01-27 16:00 . 2008-01-27 16:00 22,016 --a------ C:\WINDOWS\system32\wml.exe
2008-01-27 16:00 . 2008-01-27 16:01 20,992 --a------ C:\WINDOWS\absolute key logger.lnk
2008-01-27 16:00 . 2008-01-27 16:00 19,200 --a------ C:\WINDOWS\system32\vxddsk.exe
2008-01-27 16:00 . 2008-01-27 16:00 17,920 --a------ C:\WINDOWS\flt.dll
2008-01-27 16:00 . 2008-01-27 16:00 15,616 --a------ C:\WINDOWS\vxddsk.exe
2008-01-27 16:00 . 2008-01-27 16:00 15,360 --a------ C:\WINDOWS\7search.dll
2008-01-27 16:00 . 2008-01-27 16:00 9,216 --a------ C:\WINDOWS\pbar.dll
2008-01-27 15:08 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 22:44 . 2008-01-24 22:44 89,619 --a------ C:\WINDOWS\system32\rxjddnvj.exe
2008-01-22 22:55 . 2008-01-22 22:55 54,764 --a------ C:\WINDOWS\system32\ztx86.sys
2008-01-21 13:33 . 2008-01-21 14:23 <REP> d-------- C:\Program Files\Lop SD
2008-01-21 12:36 . 2008-01-21 12:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-21 12:36 . 2008-01-21 12:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-21 12:30 . 2008-01-21 14:07 25,600 --a------ C:\WINDOWS\system32\socketa.dll
2008-01-21 12:01 . 2008-01-27 15:21 25,984 --a------ C:\WINDOWS\system32\drivers\Oru36.sys
2008-01-21 12:00 . 2008-01-21 15:48 2 --a------ C:\-1474427128
2008-01-21 11:59 . 2008-01-21 11:59 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-21 11:59 . 2008-01-22 22:58 50,688 --a------ C:\cvbkwtb.exe
2008-01-21 11:59 . 2008-01-21 15:11 25,600 --a------ C:\WINDOWS\system32\socksys.dll
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 15:01 18,176 ----a-w C:\WINDOWS\system32\drivers\smtpdrv.sys
2008-01-16 21:00 --------- d-----w C:\Program Files\eChanblard
2008-01-09 15:31 --------- d-----w C:\Program Files\eMule
2007-12-21 15:27 --------- d-----w C:\Program Files\MSN Messenger
2007-12-21 15:27 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-19 17:42 4,653,240 ----a-w C:\Program Files\flashget196en.exe
2007-11-12 17:22 3,380,048 ----a-w C:\Program Files\LimeWireWin.exe
2007-10-03 15:17 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
2007-09-02 20:06 5,958,060 ----a-w C:\Program Files\eChanblard.exe
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"WintelUpdate"="C:\bhij.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"Cmaudio"="cmicnfg.cpl" []
"SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2003-10-30 14:10 667648]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2003-10-30 14:09 249856]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-30 15:02 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
C:\Documents and Settings\Jerome\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]
C:\Documents and Settings\POULLY\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oru36.sys]
@="Driver"
R0 Oru36;Oru36;C:\WINDOWS\system32\Drivers\Oru36.sys [2008-01-27 15:21]
S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 10:35]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 16:00:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\764.exe 32512 bytes
C:\WINDOWS\7search.dll 15360 bytes
C:\WINDOWS\absolute key logger.lnk 20992 bytes
C:\WINDOWS\flt.dll 17920 bytes
C:\WINDOWS\system32\msole32.exe 25856 bytes
C:\WINDOWS\system32\ESHOPEE.exe 29952 bytes
scan completed successfully
hidden files: 6
**************************************************************************
.
Completion time: 2008-01-27 16:05:35 - machine was rebooted [POULLY]
ComboFix-quarantined-files.txt 2008-01-27 15:05:30
.
2008-01-09 12:43:21 --- E O F ---
Voilà le rapport
ComboFix 08-01-23.1C - POULLY 2008-01-27 15:17:26.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.131 [GMT 1:00]
Endroit: C:\Documents and Settings\POULLY\Mes documents\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\Helper
C:\Program Files\Helper\superfindout.dll
C:\Program Files\lsass.exe
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\spoolsv.exe
C:\Program Files\ucleaner_setup.exe
C:\Program Files\Ultimate Cleaner
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\b128.exe.bin
C:\WINDOWS\Casino.ico
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\5_exception.nls
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\adult.txt
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\finance.txt
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\other.txt
C:\WINDOWS\system32\pharma.txt
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CCEVTSVC
-------\LEGACY_MSUPDATE
-------\LEGACY_NTNDIS
-------\LEGACY_RUNTIME
-------\LEGACY_SMTPDRV
-------\ntndis
-------\runtime
-------\smtpdrv
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-27 to 2008-01-27 ))))))))))))))))))))))))))))))))))))
.
2008-01-27 16:01 . 2008-01-27 16:01 <REP> d-------- C:\Program Files\p2pnetworks
2008-01-27 16:01 . 2008-01-27 16:01 <REP> d-------- C:\Program Files\e-zshopper
2008-01-27 16:01 . 2008-01-27 16:01 <REP> d-------- C:\Program Files\amsys
2008-01-27 16:01 . 2008-01-27 16:01 <REP> d-------- C:\Program Files\akl
2008-01-27 16:01 . 2008-01-27 16:01 <REP> d-------- C:\Program Files\Accoona
2008-01-27 16:00 . 2008-01-27 16:00 <REP> d-------- C:\Program Files\3721
2008-01-27 16:00 . 2008-01-27 16:00 32,512 --a------ C:\WINDOWS\764.exe
2008-01-27 16:00 . 2008-01-27 16:00 26,368 --a------ C:\WINDOWS\wml.exe
2008-01-27 16:00 . 2008-01-27 16:00 22,016 --a------ C:\WINDOWS\system32\wml.exe
2008-01-27 16:00 . 2008-01-27 16:01 20,992 --a------ C:\WINDOWS\absolute key logger.lnk
2008-01-27 16:00 . 2008-01-27 16:00 19,200 --a------ C:\WINDOWS\system32\vxddsk.exe
2008-01-27 16:00 . 2008-01-27 16:00 17,920 --a------ C:\WINDOWS\flt.dll
2008-01-27 16:00 . 2008-01-27 16:00 15,616 --a------ C:\WINDOWS\vxddsk.exe
2008-01-27 16:00 . 2008-01-27 16:00 15,360 --a------ C:\WINDOWS\7search.dll
2008-01-27 16:00 . 2008-01-27 16:00 9,216 --a------ C:\WINDOWS\pbar.dll
2008-01-27 15:08 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 22:44 . 2008-01-24 22:44 89,619 --a------ C:\WINDOWS\system32\rxjddnvj.exe
2008-01-22 22:55 . 2008-01-22 22:55 54,764 --a------ C:\WINDOWS\system32\ztx86.sys
2008-01-21 13:33 . 2008-01-21 14:23 <REP> d-------- C:\Program Files\Lop SD
2008-01-21 12:36 . 2008-01-21 12:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-21 12:36 . 2008-01-21 12:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-21 12:30 . 2008-01-21 14:07 25,600 --a------ C:\WINDOWS\system32\socketa.dll
2008-01-21 12:01 . 2008-01-27 15:21 25,984 --a------ C:\WINDOWS\system32\drivers\Oru36.sys
2008-01-21 12:00 . 2008-01-21 15:48 2 --a------ C:\-1474427128
2008-01-21 11:59 . 2008-01-21 11:59 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-21 11:59 . 2008-01-22 22:58 50,688 --a------ C:\cvbkwtb.exe
2008-01-21 11:59 . 2008-01-21 15:11 25,600 --a------ C:\WINDOWS\system32\socksys.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 15:01 18,176 ----a-w C:\WINDOWS\system32\drivers\smtpdrv.sys
2008-01-16 21:00 --------- d-----w C:\Program Files\eChanblard
2008-01-09 15:31 --------- d-----w C:\Program Files\eMule
2007-12-21 15:27 --------- d-----w C:\Program Files\MSN Messenger
2007-12-21 15:27 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-19 17:42 4,653,240 ----a-w C:\Program Files\flashget196en.exe
2007-11-12 17:22 3,380,048 ----a-w C:\Program Files\LimeWireWin.exe
2007-10-03 15:17 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
2007-09-02 20:06 5,958,060 ----a-w C:\Program Files\eChanblard.exe
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"WintelUpdate"="C:\bhij.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"Cmaudio"="cmicnfg.cpl" []
"SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2003-10-30 14:10 667648]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2003-10-30 14:09 249856]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-30 15:02 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
C:\Documents and Settings\Jerome\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]
C:\Documents and Settings\POULLY\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oru36.sys]
@="Driver"
R0 Oru36;Oru36;C:\WINDOWS\system32\Drivers\Oru36.sys [2008-01-27 15:21]
S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 10:35]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 16:00:23
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
C:\WINDOWS\764.exe 32512 bytes
C:\WINDOWS\7search.dll 15360 bytes
C:\WINDOWS\absolute key logger.lnk 20992 bytes
C:\WINDOWS\flt.dll 17920 bytes
C:\WINDOWS\system32\msole32.exe 25856 bytes
C:\WINDOWS\system32\ESHOPEE.exe 29952 bytes
Scan terminé avec succès
Les fichiers cachés: 6
**************************************************************************
.
Temps d'accomplissement: 2008-01-27 16:05:35 - machine was rebooted [POULLY]
ComboFix-quarantined-files.txt 2008-01-27 15:05:30
.
2008-01-09 12:43:21 --- E O F ---
It has already done a good clean-up.
Disable your resident protections (antivirus, Spybot...)!
Download Combofix (sUBs) to your Desktop.
Double-click combofix.exe to launch it.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.
Sorry, a mistake.
Download BTFix (Bibi26).
Unzip the archive to your Desktop.
Open the BTFix folder.
Double-click BTFix.exe.
Click Rechercher (Search).
A report will appear; copy/paste it in your next reply.
Hi again, here is the scan:
ComboFix 08-01-23.1C - POULLY 2008-01-30 23:02:27.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.129 [GMT 1:00]
Endroit: C:\Documents and Settings\POULLY\Mes documents\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-30 ))))))))))))))))))))))))))))))))))))
.
2008-01-27 15:08 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 22:44 . 2008-01-24 22:44 89,619 --a------ C:\WINDOWS\system32\rxjddnvj.exe
2008-01-22 22:55 . 2008-01-22 22:55 54,764 --a------ C:\WINDOWS\system32\ztx86.sys
2008-01-21 13:33 . 2008-01-21 14:23 <REP> d-------- C:\Program Files\Lop SD
2008-01-21 12:36 . 2008-01-21 12:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-21 12:36 . 2008-01-21 12:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-21 12:30 . 2008-01-21 14:07 25,600 --a------ C:\WINDOWS\system32\socketa.dll
2008-01-21 12:01 . 2008-01-30 23:07 25,984 --a------ C:\WINDOWS\system32\drivers\Oru36.sys
2008-01-21 12:00 . 2008-01-21 15:48 2 --a------ C:\-1474427128
2008-01-21 11:59 . 2008-01-21 11:59 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-21 11:59 . 2008-01-21 15:11 25,600 --a------ C:\WINDOWS\system32\socksys.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 21:00 --------- d-----w C:\Program Files\eChanblard
2008-01-09 15:31 --------- d-----w C:\Program Files\eMule
2007-12-21 15:27 --------- d-----w C:\Program Files\MSN Messenger
2007-12-21 15:27 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-19 17:42 4,653,240 ----a-w C:\Program Files\flashget196en.exe
2007-11-12 17:22 3,380,048 ----a-w C:\Program Files\LimeWireWin.exe
2007-10-03 15:17 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
2007-09-02 20:06 5,958,060 ----a-w C:\Program Files\eChanblard.exe
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"WintelUpdate"="C:\bhij.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"Cmaudio"="cmicnfg.cpl" []
"SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2003-10-30 14:10 667648]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2003-10-30 14:09 249856]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-30 15:02 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oru36.sys]
@="Driver"
R0 Oru36;Oru36;C:\WINDOWS\system32\Drivers\Oru36.sys [2008-01-30 23:07]
S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 10:35]
S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 23:09:28
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-01-30 23:14:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-30 22:14:28
.
2008-01-09 12:43:21 --- E O F ---
Hi again,
Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:
Rootkit::
C:\WINDOWS\system32\ztx86.sys
File::
C:\WINDOWS\system32\rxjddnvj.exe
C:\bhij.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WintelUpdate"=-
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe:
This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
Hi again, here is the Combo report:
ComboFix 08-01-23.1C - POULLY 2008-02-04 10:46:58.7 - NTFSx86
Endroit: C:\Documents and Settings\POULLY\Mes documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\POULLY\Mes documents\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE
C:\bhij.exe
C:\WINDOWS\system32\rxjddnvj.exe
.
/wow section - STAGE 1
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\system32\ztx86.sys
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))))))))
.
2008-01-27 15:08 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-21 13:33 . 2008-01-21 14:23 <REP> d-------- C:\Program Files\Lop SD
2008-01-21 12:36 . 2008-01-21 12:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-21 12:36 . 2008-01-21 12:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-21 12:30 . 2008-01-21 14:07 25,600 --a------ C:\WINDOWS\system32\socketa.dll
2008-01-21 12:01 . 2008-02-04 10:57 25,984 --a------ C:\WINDOWS\system32\drivers\Oru36.sys
2008-01-21 12:00 . 2008-01-21 15:48 2 --a------ C:\-1474427128
2008-01-21 11:59 . 2008-01-21 11:59 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-21 11:59 . 2008-01-21 15:11 25,600 --a------ C:\WINDOWS\system32\socksys.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 21:00 --------- d-----w C:\Program Files\eChanblard
2008-01-09 15:31 --------- d-----w C:\Program Files\eMule
2007-12-21 15:27 --------- d-----w C:\Program Files\MSN Messenger
2007-12-21 15:27 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-19 17:42 4,653,240 ----a-w C:\Program Files\flashget196en.exe
2007-11-12 17:22 3,380,048 ----a-w C:\Program Files\LimeWireWin.exe
2007-10-03 15:17 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
2007-09-02 20:06 5,958,060 ----a-w C:\Program Files\eChanblard.exe
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((( snapshot@2008-01-30_23.14.10.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-27 14:10:06 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-02-04 09:45:46 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-27 14:10:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-02-04 09:45:46 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-27 14:10:08 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-02-04 09:45:47 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-27 14:10:09 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-02-04 09:45:47 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-27 14:10:11 7,208,960 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-02-04 09:45:49 7,208,960 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-27 14:10:13 258,048 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-02-04 09:45:50 258,048 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-30 21:51:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-02-04 09:51:43 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-30 21:51:21 81,920 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-02-04 09:51:43 98,304 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-02-04 08:40:54 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008012820080204\index.dat
+ 2008-02-04 09:51:49 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008020420080205\index.dat
- 2008-01-30 21:51:21 147,456 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-04 09:51:43 606,208 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-04 09:58:25 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_674.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"Cmaudio"="cmicnfg.cpl" []
"SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2003-10-30 14:10 667648]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2003-10-30 14:09 249856]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-30 15:02 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oru36.sys]
@="Driver"
R0 Oru36;Oru36;C:\WINDOWS\system32\Drivers\Oru36.sys [2008-02-04 10:57]
S1 ztx86;ztx86;C:\WINDOWS\system32\ztx86.sys []
S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 10:35]
S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 10:59:43
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-04 11:04:08 - machine was rebooted [POULLY]
ComboFix-quarantined-files.txt 2008-02-04 10:04:04
ComboFix2.txt 2008-01-30 22:14:34
.
2008-01-09 12:43:21 --- E O F ---
And here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 11:06:05, on 04/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\keyhook.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\POULLY\Mes documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
Here is the report:
ComboFix 08-02.05.1 - POULLY 2008-02-04 22:18:31.8 - NTFSx86
Endroit: C:\Documents and Settings\POULLY\Mes documents\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))))))))
.
2008-01-21 13:33 . 2008-01-21 14:23 <REP> d-------- C:\Program Files\Lop SD
2008-01-21 12:36 . 2008-01-21 12:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-21 12:36 . 2008-01-21 12:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-21 12:30 . 2008-01-21 14:07 25,600 --a------ C:\WINDOWS\system32\socketa.dll
2008-01-21 12:01 . 2008-02-04 10:57 25,984 --a------ C:\WINDOWS\system32\drivers\Oru36.sys
2008-01-21 12:00 . 2008-01-21 15:48 2 --a------ C:\-1474427128
2008-01-21 11:59 . 2008-01-21 11:59 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-21 11:59 . 2008-01-21 15:11 25,600 --a------ C:\WINDOWS\system32\socksys.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 09:59 --------- d-----w C:\Documents and Settings\POULLY\Application Data\OpenOffice.org2
2008-01-16 21:00 --------- d-----w C:\Program Files\eChanblard
2008-01-14 13:08 --------- d-----w C:\Documents and Settings\POULLY\Application Data\mIRC
2008-01-09 15:31 --------- d-----w C:\Program Files\eMule
2008-01-01 13:59 --------- d-----w C:\Documents and Settings\POULLY\Application Data\LimeWire
2007-12-21 15:27 --------- d-----w C:\Program Files\MSN Messenger
2007-12-21 15:27 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-19 17:42 4,653,240 ----a-w C:\Program Files\flashget196en.exe
2007-11-12 17:22 3,380,048 ----a-w C:\Program Files\LimeWireWin.exe
2007-10-03 15:17 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
2007-09-02 20:06 5,958,060 ----a-w C:\Program Files\eChanblard.exe
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"Cmaudio"="cmicnfg.cpl" []
"SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2003-10-30 14:10 667648]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2003-10-30 14:09 249856]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-30 15:02 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
C:\Documents and Settings\Jerome\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]
C:\Documents and Settings\POULLY\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
NETGEAR WG311v3 Wireless Assistant.lnk - C:\WINDOWS\Installer\{70014586-7BBA-4A92-A610-CDC896C48F8F}\NewShortcut1_1.exe [2006-01-25 16:36:44 2238]
R0 Oru36;Oru36;C:\WINDOWS\system32\Drivers\Oru36.sys [2008-02-04 10:57]
S1 ztx86;ztx86;C:\WINDOWS\system32\ztx86.sys []
S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 10:35]
S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 22:22:54
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
? [49844]
? [47412]
? [47844]
? [48272]
? [49600]
? [48336]
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-04 22:27:54
ComboFix-quarantined-files.txt 2008-02-04 21:27:49
ComboFix2.txt 2008-02-04 10:04:09
ComboFix3.txt 2008-01-30 22:14:34
.
2008-01-09 12:43:21 --- E O F ---
We'll do the removal by hand.
Disable your resident protections (antivirus, etc.)!
Copy (Ctrl+C) the text in the box below:
Driver::
Oru36
ztx86
File::
C:\WINDOWS\system32\Drivers\Oru36.sys
C:\WINDOWS\system32\ztx86.sys
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:

This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
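As an added example (my own code, not from this thread and not part of ComboFix), here is a small Python triage script that applies the reasoning behind the CFScript above to the driver lines of a ComboFix report: it flags drivers with no readable file timestamp, driver files written shortly before the scan, R0/S1 boot-start drivers and entries whose display name is just the service name, then emits a Driver::/File:: block in the layout of the script above only for entries that hit more than one indicator. The sample lines are copied from the 2008-02-04 report in this thread; the scoring, the 30-day window and the DriverEntry/Finding names are my assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# One ComboFix driver/service line, e.g.
#   R0 Oru36;Oru36;C:\WINDOWS\system32\Drivers\Oru36.sys [2008-02-04 10:57]
#   S1 ztx86;ztx86;C:\WINDOWS\system32\ztx86.sys []
# start type ; service name ; display name ; image path [file timestamp]
DRIVER_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+"       # R0 = boot start, S1 = system start, S3 = on demand
    r"(?P<name>[^;]+);"            # service (registry) name
    r"(?P<display>[^;]*);"         # display name
    r"(?P<path>.*?)\s*"            # image path
    r"\[(?P<stamp>[^\]]*)\]$"      # timestamp; empty "[]" when ComboFix could not read the file
)


@dataclass
class DriverEntry:
    start: str
    name: str
    display: str
    path: str
    stamp: Optional[datetime]  # None when the report printed "[]"


@dataclass
class Finding:
    entry: DriverEntry
    reasons: List[str]

    @property
    def score(self) -> int:
        # One point per independent indicator (assumed scoring, not a ComboFix rule)
        return len(self.reasons)


def parse_driver_line(line: str) -> Optional[DriverEntry]:
    """Parse one driver line; returns None for lines in any other format."""
    m = DRIVER_RE.match(line.strip())
    if not m:
        return None
    raw = m.group("stamp").strip()
    stamp = datetime.strptime(raw, "%Y-%m-%d %H:%M") if raw else None
    return DriverEntry(m.group("start"), m.group("name"), m.group("display"),
                       m.group("path").strip(), stamp)


def triage(entries: List[DriverEntry], scan_time: datetime,
           window_days: int = 30) -> List[Finding]:
    """Apply the indicators a helper reads off a ComboFix driver list."""
    findings = []
    for e in entries:
        reasons = []
        if e.stamp is None:
            reasons.append("no file timestamp (file missing, hidden or unreadable)")
        elif scan_time - e.stamp <= timedelta(days=window_days):
            reasons.append(f"driver file written within {window_days} days of the scan")
        if e.start in ("R0", "S1"):
            reasons.append(f"{e.start}: loads at boot/system start, before user-mode tools")
        if e.display == e.name:
            reasons.append("display name is just the service name, no vendor description")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


def select_for_removal(findings: List[Finding], min_score: int = 2) -> List[Finding]:
    """Only entries hitting several indicators go into the script; the rest is manual review."""
    return [f for f in findings if f.score >= min_score]


def build_cfscript(selected: List[Finding]) -> str:
    """Emit the Driver:: / File:: block in the layout used by the script in this thread."""
    names = [f.entry.name for f in selected]
    paths = [f.entry.path for f in selected]
    return "\n".join(["Driver::", *names, "File::", *paths]) + "\n"


# Constructed input: the driver lines of the 2008-02-04 22:22 ComboFix report above.
SAMPLE_LINES = [
    r"R0 Oru36;Oru36;C:\WINDOWS\system32\Drivers\Oru36.sys [2008-02-04 10:57]",
    r"S1 ztx86;ztx86;C:\WINDOWS\system32\ztx86.sys []",
    r"S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 10:35]",
    r"S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []",
    r"S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]",
    r"S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]",
]
SCAN_TIME = datetime(2008, 2, 4, 22, 22)  # "Rootkit scan 2008-02-04 22:22:54" in the report


def run_sample():
    entries = [e for e in map(parse_driver_line, SAMPLE_LINES) if e is not None]
    findings = triage(entries, SCAN_TIME)
    selected = select_for_removal(findings)
    return findings, selected, build_cfscript(selected)


if __name__ == "__main__":
    findings, selected, script = run_sample()
    for f in findings:
        print(f"{f.entry.name:<8} score={f.score}  " + "; ".join(f.reasons))
    print(script)
```

USB2_04 (nkv2.sys, timestamp missing) scores only one indicator and stays in the manual-review list, which matches the helper's choice above to target only Oru36 and ztx86.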
Here is the ComboFix report (it didn't launch the first time):
ComboFix 08-02.05.1 - POULLY 2008-02-06 20:17:59.9 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.128 [GMT 1:00]
Endroit: C:\Documents and Settings\POULLY\Mes documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\POULLY\Mes documents\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE
C:\WINDOWS\system32\Drivers\Oru36.sys
C:\WINDOWS\system32\ztx86.sys
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\Drivers\Oru36.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_ORU36
-------\Oru36
-------\ztx86
((((((((((((((((((((((((((((( Fichiers créés 2008-01-06 to 2008-02-06 ))))))))))))))))))))))))))))))))))))
.
2008-02-04 22:16 . 2004-08-19 16:09 400,896 --a------ C:\kmd.exe
2008-01-21 13:33 . 2008-01-21 14:23 <REP> d-------- C:\Program Files\Lop SD
2008-01-21 12:36 . 2008-01-21 12:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-21 12:36 . 2008-01-21 12:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-21 12:30 . 2008-01-21 14:07 25,600 --a------ C:\WINDOWS\system32\socketa.dll
2008-01-21 12:00 . 2008-01-21 15:48 2 --a------ C:\-1474427128
2008-01-21 11:59 . 2008-01-21 11:59 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-21 11:59 . 2008-01-21 15:11 25,600 --a------ C:\WINDOWS\system32\socksys.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 19:22 --------- d-----w C:\Documents and Settings\POULLY\Application Data\OpenOffice.org2
2008-01-16 21:00 --------- d-----w C:\Program Files\eChanblard
2008-01-14 13:08 --------- d-----w C:\Documents and Settings\POULLY\Application Data\mIRC
2008-01-09 15:31 --------- d-----w C:\Program Files\eMule
2008-01-01 13:59 --------- d-----w C:\Documents and Settings\POULLY\Application Data\LimeWire
2007-12-21 15:27 --------- d-----w C:\Program Files\MSN Messenger
2007-12-21 15:27 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-11-19 17:42 4,653,240 ----a-w C:\Program Files\flashget196en.exe
2007-11-12 17:22 3,380,048 ----a-w C:\Program Files\LimeWireWin.exe
2007-10-03 15:17 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
2007-09-02 20:06 5,958,060 ----a-w C:\Program Files\eChanblard.exe
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"Cmaudio"="cmicnfg.cpl" []
"SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2003-10-30 14:10 667648]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2003-10-30 14:09 249856]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-30 15:02 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 10:35]
S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 20:22:25
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-06 20:25:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-06 19:25:13
ComboFix2.txt 2008-02-04 21:27:55
ComboFix3.txt 2008-02-04 10:04:09
ComboFix4.txt 2008-01-30 22:14:34
.
2008-01-09 12:43:21 --- E O F ---
ComboFix 08-02.05.1 - POULLY 2008-02-06 20:17:59.9 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.128 [GMT 1:00]
Endroit: C:\Documents and Settings\POULLY\Mes documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\POULLY\Mes documents\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE
C:\WINDOWS\system32\Drivers\Oru36.sys
C:\WINDOWS\system32\ztx86.sys
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\Drivers\Oru36.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_ORU36
-------\Oru36
-------\ztx86
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-06 to 2008-02-06 ))))))))))))))))))))))))))))))))))))
.
2008-02-04 22:16 . 2004-08-19 16:09 400,896 --a------ C:\kmd.exe
2008-01-21 13:33 . 2008-01-21 14:23 <REP> d-------- C:\Program Files\Lop SD
2008-01-21 12:36 . 2008-01-21 12:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-21 12:36 . 2008-01-21 12:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-21 12:30 . 2008-01-21 14:07 25,600 --a------ C:\WINDOWS\system32\socketa.dll
2008-01-21 12:00 . 2008-01-21 15:48 2 --a------ C:\-1474427128
2008-01-21 11:59 . 2008-01-21 11:59 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-21 11:59 . 2008-01-21 15:11 25,600 --a------ C:\WINDOWS\system32\socksys.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 19:22 --------- d-----w C:\Documents and Settings\POULLY\Application Data\OpenOffice.org2
2008-01-16 21:00 --------- d-----w C:\Program Files\eChanblard
2008-01-14 13:08 --------- d-----w C:\Documents and Settings\POULLY\Application Data\mIRC
2008-01-09 15:31 --------- d-----w C:\Program Files\eMule
2008-01-01 13:59 --------- d-----w C:\Documents and Settings\POULLY\Application Data\LimeWire
2007-12-21 15:27 --------- d-----w C:\Program Files\MSN Messenger
2007-12-21 15:27 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-11-19 17:42 4,653,240 ----a-w C:\Program Files\flashget196en.exe
2007-11-12 17:22 3,380,048 ----a-w C:\Program Files\LimeWireWin.exe
2007-10-03 15:17 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
2007-09-02 20:06 5,958,060 ----a-w C:\Program Files\eChanblard.exe
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"Cmaudio"="cmicnfg.cpl" []
"SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2003-10-30 14:10 667648]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2003-10-30 14:09 249856]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-30 15:02 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 10:35]
S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 20:22:25
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-06 20:25:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-06 19:25:13
ComboFix2.txt 2008-02-04 21:27:55
ComboFix3.txt 2008-02-04 10:04:09
ComboFix4.txt 2008-01-30 22:14:34
.
2008-01-09 12:43:21 --- E O F ---
Re,
Uninstall Avast! properly and replace it with AntiVir.
Why change? Avast! vs AntiVir
Run a full scan, then post the report when the analysis finishes.
HELP: Tutorial on the AntiVir Personal Edition Classic antivirus
Re, here is the AntiVir report
AntiVir PersonalEdition Classic
Report file date: jeudi 7 février 2008 22:45
Scanning for 1095787 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: POULLY
Computer name: YANNICK
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 21:39:13
ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25/01/2008 21:39:13
ANTIVIR3.VDF : 7.0.2.107 350208 Bytes 07/02/2008 21:39:13
AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 07/02/2008 21:39:14
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 07/02/2008 21:39:14
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: jeudi 7 février 2008 22:45
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'wlancfg5.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'Keyhook.exe' - '1' Module(s) have been scanned
Scan process 'sistray.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
31 processes with 31 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( '29' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\POULLY\Mes documents\MSNFix\22012008_232439.71.zip
[0] Archive type: ZIP
--> backup/17PHolmes1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/algisz.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/avp.exe
[DETECTION] Contains suspicious code HEUR/Malware
--> backup/ayoshy.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/btfnvs.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/cbonxi.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/cmmpgd.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/Dot1XCfg.exe
[DETECTION] Is the Trojan horse TR/Dldr.Adload.PR
--> backup/esutzr.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ezqebs.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/fiibmu.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/fqsljl.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/gfbylm.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/hfndhn.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/hgupug.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ihptnd.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/jmpsvm.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/krqpkt.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/lgswjv.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/lirwym.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/lkqzyb.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/lscxdt.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/lygifo.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/mgkjhe.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/mrofinu1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/mrofinu1148.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/npeabq.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/nplqgt.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/oenavc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/olnujn.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/oynbzx.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/pfjwvi.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/phjtml.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/pmcgda.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/pvlgsp.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/qbdqsi.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/rkczmy.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/rnhaed.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ruehiq.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/services.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.46056.1
--> backup/siakkg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/urtfww.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/valzio.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/vubrrk.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/whzhca.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/wmuckc.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/wvhrck.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/xhsltl.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/xqijpv.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/ysrrvx.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/zmfbnk.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/zxiryu.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47db7d69.qua'!
C:\Documents and Settings\POULLY\Mes documents\Yannick\Scripts\QuizZ-BanG\QuiZzStarZ.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Mirc.AB.1 Backdoor server programs
[INFO] The file was moved to '48147e90.qua'!
C:\QooBox\Quarantine\catchme2008-02-04_105840.50.zip
[0] Archive type: ZIP
--> ztx86.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '481f81b4.qua'!
C:\QooBox\Quarantine\catchme2008-02-06_202142.92.zip
[0] Archive type: ZIP
--> Oru36.sys
[DETECTION] Contains detection pattern of the worm WORM/Ntech.Z.4
[INFO] The file was moved to '4963e1dd.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\rxjddnvj.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '481581cc.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Oru36.sys.vir
[DETECTION] Contains detection pattern of the worm WORM/Ntech.Z.4
[INFO] The file was moved to '482081c6.qua'!
C:\WINDOWS\system32\socketa.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.hnp
[INFO] The file was moved to '480e8464.qua'!
C:\WINDOWS\system32\socksys.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.hnp
[INFO] The file was moved to '480e8465.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IBO5ZOBP\setup[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '481f8487.qua'!
Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.
End of the scan: jeudi 7 février 2008 23:22
Used time: 36:59 min
The scan has been done completely.
3726 Scanning directories
235106 Files were scanned
59 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
9 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
235047 Files not concerned
1359 Archives were scanned
1 Warnings
0 Notes
Re, here is the ComboFix scan report
ComboFix 08-02.05.1 - POULLY 2008-02-10 14:46:07.10 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.164 [GMT 1:00]
Endroit: C:\Documents and Settings\POULLY\Mes documents\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-10 to 2008-02-10 ))))))))))))))))))))))))))))))))))))
.
2008-02-07 22:36 . 2008-02-07 22:36 <REP> d-------- C:\Program Files\Avira
2008-02-07 22:36 . 2008-02-07 22:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-07 22:30 . 2008-02-07 22:30 17,788,920 --a------ C:\Program Files\Antivir.exe
2008-02-06 20:16 . 2004-08-19 16:09 400,896 --a------ C:\kmd.exe
2008-01-21 13:33 . 2008-01-21 14:23 <REP> d-------- C:\Program Files\Lop SD
2008-01-21 12:36 . 2008-01-21 12:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-21 12:36 . 2008-01-21 12:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-21 12:00 . 2008-01-21 15:48 2 --a------ C:\-1474427128
2008-01-21 11:59 . 2008-01-21 11:59 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 13:00 --------- d-----w C:\Documents and Settings\POULLY\Application Data\OpenOffice.org2
2008-01-16 21:00 --------- d-----w C:\Program Files\eChanblard
2008-01-14 13:08 --------- d-----w C:\Documents and Settings\POULLY\Application Data\mIRC
2008-01-09 15:31 --------- d-----w C:\Program Files\eMule
2008-01-01 13:59 --------- d-----w C:\Documents and Settings\POULLY\Application Data\LimeWire
2007-12-21 15:27 --------- d-----w C:\Program Files\MSN Messenger
2007-12-21 15:27 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-11-12 17:22 3,380,048 ----a-w C:\Program Files\LimeWireWin.exe
2007-10-03 15:17 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
2007-09-02 20:06 5,958,060 ----a-w C:\Program Files\eChanblard.exe
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"Cmaudio"="cmicnfg.cpl" []
"SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2003-10-30 14:10 667648]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2003-10-30 14:09 249856]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-30 15:02 6731312]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-07 22:39 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
C:\Documents and Settings\Jerome\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]
C:\Documents and Settings\POULLY\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
NETGEAR WG311v3 Wireless Assistant.lnk - C:\WINDOWS\Installer\{70014586-7BBA-4A92-A610-CDC896C48F8F}\NewShortcut1_1.exe [2006-01-25 16:36:44 2238]
S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 10:35]
S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
*Newly Created Service* - SSMDRV
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 14:48:00
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-10 14:48:39
ComboFix-quarantined-files.txt 2008-02-10 13:48:23
ComboFix2.txt 2008-02-06 19:25:30
ComboFix3.txt 2008-02-04 21:27:55
ComboFix4.txt 2008-02-04 10:04:09
ComboFix5.txt 2008-01-30 22:14:34
.
2008-01-09 12:43:21 --- E O F ---
Better?
Download ewido anti-spyware micro scanner to your desktop.
Double-click the file ewido_micro.exe to run it.
As soon as it starts, the program will ask for internet access to update itself; accept.
Then a new screen appears; make sure all the boxes are checked.
Click Start Scan and let the tool work.
When the tool has finished, click Save report and save the report to your desktop.
Post it in your next reply.
NB: don't click Remove infections right away; we need to make sure that every detection is actually an infection, because some legitimate utilities may appear in the report.
Here's the report
__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________
Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\POULLY\Cookies\poully@ad.yieldmanager[2].txt
Risk: Medium
Name: TrackingCookie.Euroclick
Path: C:\Documents and Settings\POULLY\Cookies\poully@adopt.euroclick[1].txt
Risk: Medium
Name: TrackingCookie.Adrevolver
Path: C:\Documents and Settings\POULLY\Cookies\poully@adrevolver[1].txt
Risk: Medium
Name: TrackingCookie.Adtech
Path: C:\Documents and Settings\POULLY\Cookies\poully@adtech[1].txt
Risk: Medium
Name: TrackingCookie.Advertising
Path: C:\Documents and Settings\POULLY\Cookies\poully@advertising[1].txt
Risk: Medium
Name: TrackingCookie.Atdmt
Path: C:\Documents and Settings\POULLY\Cookies\poully@atdmt[2].txt
Risk: Medium
Name: TrackingCookie.Bluestreak
Path: C:\Documents and Settings\POULLY\Cookies\poully@bluestreak[1].txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\POULLY\Cookies\poully@bs.serving-sys[2].txt
Risk: Medium
Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\POULLY\Cookies\poully@doubleclick[1].txt
Risk: Medium
Name: TrackingCookie.Estat
Path: C:\Documents and Settings\POULLY\Cookies\poully@estat[1].txt
Risk: Medium
Name: TrackingCookie.Fastclick
Path: C:\Documents and Settings\POULLY\Cookies\poully@fastclick[2].txt
Risk: Medium
Name: TrackingCookie.Findwhat
Path: C:\Documents and Settings\POULLY\Cookies\poully@findwhat[1].txt
Risk: Medium
Name: TrackingCookie.2o7
Path: C:\Documents and Settings\POULLY\Cookies\poully@himedia.112.2o7[1].txt
Risk: Medium
Name: TrackingCookie.Adrevolver
Path: C:\Documents and Settings\POULLY\Cookies\poully@media.adrevolver[2].txt
Risk: Medium
Name: TrackingCookie.Mediaplex
Path: C:\Documents and Settings\POULLY\Cookies\poully@mediaplex[1].txt
Risk: Medium
Name: TrackingCookie.Overture
Path: C:\Documents and Settings\POULLY\Cookies\poully@overture[1].txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\POULLY\Cookies\poully@serving-sys[2].txt
Risk: Medium
Name: TrackingCookie.Tradedoubler
Path: C:\Documents and Settings\POULLY\Cookies\poully@tradedoubler[1].txt
Risk: Medium
Name: TrackingCookie.Weborama
Path: C:\Documents and Settings\POULLY\Cookies\poully@weborama[1].txt
Risk: Medium
Name: TrackingCookie.Abcsearch
Path: C:\Documents and Settings\POULLY\Cookies\poully@www.abcsearch[1].txt
Risk: Medium
Name: Adware.ActivShopper
Path: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4}
Risk: Medium
Name: Adware.Accoona
Path: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208}
Risk: Medium
Name: Adware.Generic
Path: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456}
Risk: Medium
Name: Adware.ActivShopper
Path: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4}
Risk: Medium
Name: Adware.Accoona
Path: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208}
Risk: Medium
Name: Adware.Generic
Path: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456}
Risk: Medium
Name: Not-A-Virus.Hacktool.EvID
Path: C:\Program Files\eChanblard\config\last.zip/EvID4226Patch.exe
Risk: Low
Name: Not-A-Virus.Hacktool.EvID
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP602\A0106228.exe
Risk: Low
Name: Trojan.Agent.dwb
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP602\A0106293.exe
Risk: High
Name: Downloader.Agent.erf
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP602\A0106294.exe
Risk: High
Name: Downloader.Agent.hql
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0106330.exe
Risk: High
Name: Downloader.Agent.hql
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0106331.exe
Risk: High
Name: Rootkit.Agent.pr
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0106398.sys
Risk: High
Name: Rootkit.Agent.pr
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0106420.sys
Risk: High
Name: Trojan.CPEX.aq
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0106424.exe
Risk: High
Name: Rootkit.Agent.pr
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0106426.sys
Risk: High
Name: Downloader.Agent.hql
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0107419.exe
Risk: High
Name: Downloader.Agent.hql
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0107421.exe
Risk: High
Name: Downloader.Agent.hnp
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108434.dll
Risk: High
Name: Rootkit.Agent.pr
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108435.sys
Risk: High
Name: Downloader.Agent.hql
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108438.exe
Risk: High
Name: Downloader.Agent.hql
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108439.exe
Risk: High
Name: Backdoor.Agent.alm
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108449.exe
Risk: High
Name: Worm.Agent.l
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108450.sys
Risk: High
Name: Downloader.Adload.pr
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108470.exe
Risk: High
Name: Backdoor.Agent.alm
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108471.exe
Risk: High
Name: Downloader.Agent.hql
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108515.exe
Risk: High
Name: Downloader.Agent.hql
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108516.exe
Risk: High
Name: Trojan.CPEX.aq
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109441.exe
Risk: High
Name: Backdoor.Small.crw
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109442.exe
Risk: High
Name: Trojan.Sinowal.gf
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109443.exe
Risk: High
Name: Downloader.Small.huv
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109445.exe
Risk: High
Name: Backdoor.SdBot.asy
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109452.exe
Risk: High
Name: Downloader.Agent.hlt
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109465.sys
Risk: High
Name: Trojan.Agent.elr
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109472.exe
Risk: High
Name: Backdoor.SdBot.aqp
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109473.sys
Risk: High
Name: Rootkit.Agent.pr
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109502.sys
Risk: High
Name: Downloader.Agent.hlt
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109507.sys
Risk: High
Name: Not-A-Virus.Downloader.Win32.UltimateFix.e
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP604\A0111581.exe
Risk: Low
Name: Downloader.Agent.hlt
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP604\A0111636.sys
Risk: High
Name: Downloader.Agent.hlt
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP604\A0111686.sys
Risk: High
Name: Downloader.Agent.hlt
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP604\A0111770.sys
Risk: High
Name: Downloader.Agent.hlt
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP604\A0111817.sys
Risk: High
Name: Downloader.Agent.hlt
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP605\A0111848.sys
Risk: High
Name: Downloader.Agent.hlt
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP606\A0111861.sys
Risk: High
Name: Downloader.Agent.hlt
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP606\A0111934.sys
Risk: High
Name: Downloader.Agent.hlt
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP607\A0111964.sys
Risk: High
Name: Downloader.Agent.hlt
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP609\A0112035.sys
Risk: High
Name: Not-A-Virus.Hoax.Win32.Renos.asa
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP610\A0112112.exe
Risk: Low
Name: TrackingCookie.Atdmt
Path: C:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[2].txt
Risk: Medium
Name: TrackingCookie.Doubleclick
Path: C:\WINDOWS\system32\config\systemprofile\Cookies\system@doubleclick[1].txt
Risk: Medium
Name: TrackingCookie.Mediaplex
Path: C:\WINDOWS\system32\config\systemprofile\Cookies\system@mediaplex[1].txt
Risk: Medium
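An added example, not part of the thread and not code from ewido or any of the tools used here: a small Python triage script for reports in this Name / Path / Risk format. It sorts the detections into the groups the helper's caution is about (tracking cookies, copies held in System Restore points, leftover Ext\Stats registry keys, "Not-A-Virus" utilities, and live files that still need a decision). The sample report embedded in it is constructed in the same shape as the one above; the entry ending in live_sample.exe is a placeholder path, not a real detection.

```python
"""Triage helper for an ewido anti-spyware report.

Added example for this thread; it is not part of ewido or of any tool the
helpers used. The report format is a flat list of Name / Path / Risk triples.
The helper's caution above (don't click "Remove infections" yet) is about
telling real infections from nuisance and residue, so the triage sorts each
detection into a bucket that calls for a different decision:

  cookie            tracking cookies: privacy nuisance, safe to delete
  restore_point     copies inside System Volume Information\\_restore{...}:
                    inert unless the restore point is used; purged by
                    clearing System Restore, not by deleting live files
  registry_residue  ...\\Ext\\Stats\\{CLSID} keys: usage statistics left behind
                    by a removed ActiveX control, not a running component
  not_a_virus       vendor "Not-A-Virus" labels: utilities a user may want
  live_file         everything else: a real file that needs a decision
"""
import re
from collections import Counter

# Constructed sample in the same shape as the report posted in the thread.
# The last entry (live_sample.exe) is a made-up placeholder, not a real detection.
SAMPLE_REPORT = r"""
__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________
Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\POULLY\Cookies\poully@doubleclick[1].txt
Risk: Medium
Name: Adware.Generic
Path: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456}
Risk: Medium
Name: Not-A-Virus.Hacktool.EvID
Path: C:\Program Files\eChanblard\config\last.zip/EvID4226Patch.exe
Risk: Low
Name: Trojan.Sinowal.gf
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109443.exe
Risk: High
Name: Downloader.Agent.hql
Path: C:\CONSTRUCTED\live_sample.exe
Risk: High
"""

RECORD_LINE = re.compile(r"^(Name|Path|Risk):\s*(.*?)\s*$")
EXT_STATS_KEY = re.compile(r"\\Ext\\Stats\\\{[0-9A-Fa-f-]+\}$")
RESTORE_POINT = "\\System Volume Information\\_restore{"


def parse_report(text):
    """Turn the Name/Path/Risk triples into a list of dicts.

    A 'Risk:' line closes a record; header and separator lines are skipped.
    An incomplete trailing record (no Risk line) is dropped rather than guessed.
    """
    detections, current = [], {}
    for line in text.splitlines():
        m = RECORD_LINE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        current[key] = value
        if key == "risk" and "name" in current and "path" in current:
            detections.append(current)
            current = {}
    return detections


def classify(det):
    """Bucket one detection by where it lives and what the label says.

    Location is checked before the vendor label: a Not-A-Virus item sitting in
    a restore point is handled as restore-point residue, not as a live tool.
    """
    name, path = det["name"], det["path"]
    if name.startswith("TrackingCookie."):
        return "cookie"
    if RESTORE_POINT in path:
        return "restore_point"
    if EXT_STATS_KEY.search(path):
        return "registry_residue"
    if name.startswith("Not-A-Virus."):
        return "not_a_virus"
    return "live_file"


def triage(text):
    """Group parsed detections by bucket, preserving report order."""
    buckets = {}
    for det in parse_report(text):
        buckets.setdefault(classify(det), []).append(det)
    return buckets


def summarize(buckets):
    """Per bucket: how many detections at each Risk level."""
    return {b: dict(Counter(d["risk"] for d in dets)) for b, dets in buckets.items()}


def needs_decision(buckets):
    """The short list a reviewer must actually look at before removal."""
    return buckets.get("live_file", []) + buckets.get("not_a_virus", [])


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for bucket, dets in result.items():
        print(f"{bucket}: {len(dets)}")
    for det in needs_decision(result):
        print("review:", det["name"], "->", det["path"])
```

Run against the report above, the script puts almost everything into the cookie and restore_point buckets; the only items left on the review list are the EvID4226Patch.exe copy inside eChanblard (a vendor "Not-A-Virus" label) and any file outside System Volume Information, which is exactly the short list the helper wants to check before anything is removed.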