Virus - HijackThis report
Hi,
My computer is overrun with all sorts of viruses. The problems are really numerous and varied: impossible to shut the computer down completely, regular virus and trojan alert windows, impossible to open My Computer, impossible to open Task Manager, etc. I ran Spybot and ewido, but as I expected that was not enough to fix the problems and I still get trojan alerts.
I ran a scan with HijackThis (I did it in Safe Mode because otherwise it would not work...): here is the report a few lines below.
So if anyone can tell me how to get rid of all this, thanks in advance.
Laurent
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:24, on 17/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\Explorer.EXE
H:\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.winlsd.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQToolbar\toolbaru.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b33a5d56-1dd1-11b2-a0e2-ab3b0eac6b49} - C:\WINDOWS\tavcrwjo.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {C9287202-FB35-48E7-8CAA-1DBA79BDAFE5} - C:\Program Files\ComPlus Applications\hokewoC:\DOCUME~1\Famille\LOCALS~1\Temp\mst455101.exe.dll (file missing)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404mgr Class - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\1202668445.dll (file missing)
O2 - BHO: Her - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - C:\WINDOWS\system32\marwin32.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [xcbwpilu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\xcbwpilu.dll"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [EEF1F1F9F3FBF7F] F9FCFC05FE070.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA3227] command /c del "C:\Documents and Settings\Famille\Local Settings\Temp\~DF49B0.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1445] cmd /c del "C:\Documents and Settings\Famille\Local Settings\Temp\~DF49B0.tmp"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2876] command /c del "C:\Documents and Settings\Famille\Local Settings\Temp\~DF49B0.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8225] cmd /c del "C:\Documents and Settings\Famille\Local Settings\Temp\~DF49B0.tmp"
O4 - HKLM\..\Policies\Explorer\Run: [6T32B2J79N] C:\WINDOWS\sysst32.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: ibuntu - C:\WINDOWS\SYSTEM32\ibuntu.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 9546 bytes
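Added example (not part of Laurent's post and not a HijackThis feature): the checks a helper applies by eye to a log like the one above, written out as rules in Python. It parses the R/F/O lines, flags any executable appended after userinit.exe in the UserInit chain, Winlogon Notify packages, autoruns under Policies\Explorer\Run, bare executable names resolved through the search path, regsvr32 autoruns, orphaned BHO registrations, service binaries hidden in an NTFS alternate data stream (the `svchost.exe:exm.exe` entry) and browser pages pointing at hosts outside a small allowlist. The allowlist, the severities and the sample excerpt (constructed from lines of the report above) are assumptions of the example, not output of any tool.

```python
"""Rule-based triage of HijackThis v2 log lines (added example, not the poster's tool)."""
import re
from collections import Counter

# Hosts a browser start/search page may legitimately point at: an assumed allowlist.
TRUSTED_HOSTS = {"www.google.fr", "www.google.com"}

# Drive-letter path with a second colon after the file name: an NTFS alternate data stream.
ADS_PATH = re.compile(r"^[A-Za-z]:\\[^:]*:[^\\\s]+")

# Shells and hosts that legitimately appear as bare names in Run entries.
BARE_OK = {"cmd", "cmd.exe", "command", "command.com", "rundll32", "rundll32.exe"}

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|O\d+) - (.*)$")
RUN_ENTRY = re.compile(r"^(\S+): \[([^\]]*)\] (.*)$")

# Constructed excerpt modelled on the report above (same paths and names).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Her - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - C:\WINDOWS\system32\marwin32.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [xcbwpilu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\xcbwpilu.dll"
O4 - HKLM\..\Run: [EEF1F1F9F3FBF7F] F9FCFC05FE070.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA3227] command /c del "C:\Documents and Settings\Famille\Local Settings\Temp\~DF49B0.tmp"
O4 - HKLM\..\Policies\Explorer\Run: [6T32B2J79N] C:\WINDOWS\sysst32.exe
O20 - Winlogon Notify: ibuntu - C:\WINDOWS\SYSTEM32\ibuntu.dll
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


def _last_field(body):
    """Last ' - '-separated field of an O2/O20/O23 body, without the '(file missing)' suffix."""
    return body.rsplit(" - ", 1)[-1].replace("(file missing)", "").strip()


def triage(log_text):
    """Return a list of findings {severity, rule, detail} for the log lines that match a rule."""
    findings = []

    def flag(severity, rule, detail):
        findings.append({"severity": severity, "rule": rule, "detail": detail})

    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        kind, body = m.groups()

        if kind == "F2" and "UserInit=" in body:
            # Anything after userinit.exe in this chain runs at every interactive logon.
            chain = body.split("UserInit=", 1)[1]
            extras = [p for p in chain.split(",") if p and not p.lower().endswith("\\userinit.exe")]
            if extras:
                flag("HIGH", "UserInit chain extended", extras)

        elif kind in ("R0", "R1") and "=" in body:
            url = body.split("=", 1)[1].strip()
            host = re.match(r"https?://([^/]+)", url)
            if host and host.group(1).lower() not in TRUSTED_HOSTS:
                flag("MEDIUM", "browser page points at unrecognised host", host.group(1))

        elif kind == "O2" and body.endswith("(no file)"):
            flag("LOW", "orphaned BHO registration", body)

        elif kind == "O4":
            r = RUN_ENTRY.match(body)
            if not r:
                continue
            key, _name, cmd = r.groups()
            first = (cmd.split() or [""])[0].strip('"').lower()
            if "Policies\\Explorer\\Run" in key:
                flag("HIGH", "autorun via Policies\\Explorer\\Run", cmd)
            elif first.startswith("regsvr32"):
                flag("MEDIUM", "regsvr32 executed at every logon", cmd)
            elif first and "\\" not in first and first not in BARE_OK:
                # No directory: resolved through the search path, and no clue where it lives.
                flag("MEDIUM", "unqualified executable in Run key", cmd)

        elif kind == "O20":
            flag("HIGH", "Winlogon Notify package loaded into winlogon.exe", _last_field(body))

        elif kind == "O23" and ADS_PATH.match(_last_field(body)):
            flag("HIGH", "service binary in an NTFS alternate data stream", _last_field(body))

    return findings


def severity_counts(findings):
    """How many findings of each severity, e.g. {'HIGH': 4, 'MEDIUM': 3, 'LOW': 1}."""
    return dict(Counter(f["severity"] for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['rule']}: {f['detail']}")
```

Severity here is only an ordering for what to look at first. A flagged entry still has to be compared against a known-good baseline before it is removed, and an entry that passes every rule is not thereby clean: the tavcrwjo.dll BHO in the log above triggers nothing here and was nonetheless among the files ComboFix removed later in the thread.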
Hello,
Disable your resident protections (antivirus, Spybot...)!
Download ComboFix (sUBs) to your Desktop.
Double-click combofix.exe to launch it.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.
Disable your resident protections (antivirus, Spybot...)!
Here is the report:
ComboFix 08-02-17.2 - Famille 2008-02-17 14:02:36.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.334 [GMT 1:00]
Location: H:\ComboFix.exe
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\d.exe
C:\Documents and Settings\All Users\Application Data.\xcbwpilu.dll
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\Helper
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\dg0GhYUDQVwp.exe
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\drivers\DXY76.sys
C:\WINDOWS\system32\drivers\symavc32.sys . . . . Deletion failed
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\service.exe
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\tavcrwjo.dll
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
C:\WINDOWS\youtubex.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DXY76
((((((((((((((((((((((((((((( Files created 2008-01-17 to 2008-02-17 ))))))))))))))))))))))))))))))))))))
.
2008-02-17 14:04 . 2008-02-17 14:08 <REP> d-------- C:\WINDOWS\system32\acespy
2008-02-17 14:04 . 2008-02-17 14:08 <REP> d-------- C:\Program Files\p2pnetworks
2008-02-17 14:04 . 2008-02-17 14:08 <REP> d-------- C:\Program Files\e-zshopper
2008-02-17 14:04 . 2008-02-17 14:08 <REP> d-------- C:\Program Files\amsys
2008-02-17 14:04 . 2008-02-17 14:07 <REP> d-------- C:\Program Files\akl
2008-02-17 14:04 . 2008-02-17 14:07 <REP> d-------- C:\Program Files\Accoona
2008-02-17 14:04 . 2008-02-17 14:07 <REP> d-------- C:\Program Files\3721
2008-02-17 12:26 . 2008-02-17 12:26 268 --ah----- C:\sqmdata06.sqm
2008-02-17 12:26 . 2008-02-17 12:26 244 --ah----- C:\sqmnoopt06.sqm
2008-02-17 12:21 . 2008-02-17 12:52 486 --a------ C:\WINDOWS\wininit.ini
2008-02-17 11:45 . 2008-02-17 11:45 18,368 --a------ C:\WINDOWS\system32\service.sys
2008-02-17 11:43 . 2008-02-17 11:43 26,112 --a------ C:\WINDOWS\system32\marwin32.dll
2008-02-17 11:42 . 2008-02-17 11:42 22,016 --a------ C:\Documents and Settings\Famille\zunprc.exe
2008-02-17 11:10 . 2008-02-17 11:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-17 00:18 . 2008-02-17 00:18 268 --ah----- C:\sqmdata05.sqm
2008-02-17 00:18 . 2008-02-17 00:18 244 --ah----- C:\sqmnoopt05.sqm
2008-02-16 23:16 . 2008-02-16 23:16 <REP> d-------- C:\Program Files\Webroot
2008-02-16 23:16 . 2008-02-16 23:16 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-02-16 23:16 . 2008-02-16 23:16 <REP> d-------- C:\Documents and Settings\Famille\Application Data\Webroot
2008-02-16 23:16 . 2008-02-16 23:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-02-16 23:16 . 2006-08-03 19:33 117,248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-02-16 23:16 . 2006-08-03 19:33 15,360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-02-16 23:16 . 2006-08-03 19:33 14,848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-02-16 23:16 . 2006-08-03 19:33 13,824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2008-02-16 23:10 . 2008-02-17 11:15 <REP> d-------- C:\Program Files\Spyware Terminator
2008-02-16 23:10 . 2008-02-16 23:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-02-16 23:09 . 2008-02-17 14:09 <REP> d-------- C:\Program Files\a-squared
2008-02-16 23:08 . 2008-02-16 23:08 <REP> d-------- C:\Program Files\Yahoo!
2008-02-16 23:08 . 2008-02-16 23:09 <REP> d-------- C:\Program Files\CCleaner
2008-02-16 23:00 . 2008-02-16 23:00 268 --ah----- C:\sqmdata04.sqm
2008-02-16 23:00 . 2008-02-16 23:00 244 --ah----- C:\sqmnoopt04.sqm
2008-02-16 18:10 . 2008-02-16 18:07 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-16 18:02 . 2008-02-17 11:43 151,552 --a------ C:\blhhjtpx.exe
2008-02-16 18:02 . 2008-02-17 11:43 54,272 --a------ C:\urdeuvmj.exe
2008-02-16 18:02 . 2008-02-16 18:02 22,016 --a------ C:\Documents and Settings\Famille\xgnfvi.exe
2008-02-16 18:00 . 2008-02-17 11:55 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-16 18:00 . 2008-02-17 12:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-16 17:54 . 2008-02-16 17:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-16 17:54 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-16 17:52 . 2008-02-16 17:52 268 --ah----- C:\sqmdata03.sqm
2008-02-16 17:52 . 2008-02-16 17:52 172 --ah----- C:\sqmnoopt03.sqm
2008-02-16 17:23 . 2008-02-16 23:08 <REP> d-------- C:\Program Files\ewido anti-malware
2008-02-10 20:10 . 2008-02-10 20:10 22,016 --a------ C:\Documents and Settings\Famille\goqezf.exe
2008-02-10 20:10 . 2008-02-10 20:10 5,632 --a------ C:\Documents and Settings\Famille\arzxeb.exe
2008-02-10 20:03 . 2008-02-10 20:03 5,632 --a------ C:\Documents and Settings\Famille\iavzps.exe
2008-02-10 19:46 . 2008-02-17 14:07 37,074 --a------ C:\Documents and Settings\Famille\nmacjahb.exe
2008-02-10 19:41 . 2008-02-10 19:40 8,704 --a------ C:\WINDOWS\sysst32.exe
2008-02-10 19:40 . 2008-02-10 19:40 8,704 --a------ C:\Documents and Settings\Famille\arkfth.exe
2008-02-10 19:39 . 2005-06-15 22:01 1,077,458 --a------ C:\WINDOWS\system32\dllcache\explorer.exe
2008-02-10 19:39 . 2005-06-15 22:01 1,077,458 --a------ C:\WINDOWS\ahutyus.exe
2008-02-10 19:39 . 2008-02-10 19:39 63,697 --a------ C:\Documents and Settings\Famille\riswhk.exe
2008-02-10 19:38 . 2008-02-10 19:38 3,795,158 --a------ C:\WINDOWS\dg0GhYUDQV.exe
2008-02-10 19:32 . 2008-02-10 19:32 <REP> d-------- C:\WINDOWS\afafnwgd
2008-02-10 19:32 . 2008-02-10 19:32 180,224 --a------ C:\WINDOWS\fideharw.dll
2008-02-10 19:32 . 2008-02-17 11:43 167,936 --a------ C:\WINDOWS\system32\drivers\symavc32.sys
2008-02-10 19:32 . 2008-02-10 19:32 91,667 --a------ C:\WINDOWS\system32\rxjddnvj.exe
2008-02-10 19:32 . 2008-02-10 19:32 91,667 --a------ C:\WINDOWS\bmfgpqte.exe
2008-02-10 19:32 . 2008-02-10 19:32 40,960 --a------ C:\WINDOWS\nmxipsju.exe
2008-02-10 19:32 . 2008-02-10 19:32 16,768 --a------ C:\WINDOWS\system32\tcpip_patcher.sys
2008-02-10 19:32 . 2008-02-11 19:34 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-02-10 19:31 . 2008-02-10 19:31 54,764 --a------ C:\WINDOWS\system32\4fdw.dll
2008-02-10 19:31 . 2008-02-10 19:31 6,672 --a------ C:\WINDOWS\system32\ibuntu.dll
2008-02-10 19:31 . 2008-02-10 19:31 5,632 --a------ C:\Documents and Settings\Famille\phoggq.exe
2008-02-10 19:31 . 2008-02-17 12:55 2,528 --a------ C:\WINDOWS\system32\krnllds.sys
2008-02-09 17:33 . 2008-02-09 17:33 <REP> d-------- C:\Documents and Settings\Famille\Application Data\Sports Interactive
2008-02-09 17:06 . 2008-02-09 17:08 <REP> d--h----- C:\Program Files\Zero G Registry
2008-02-09 17:06 . 2008-02-09 17:06 <REP> d-------- C:\Program Files\Sports Interactive
2008-02-09 17:05 . 2008-02-09 17:05 <REP> d--h----- C:\Documents and Settings\Famille\InstallAnywhere
2008-01-29 21:02 . 2008-01-29 21:02 <REP> d-------- C:\Program Files\FLVPlayer
2008-01-29 20:57 . 2008-01-29 20:58 <REP> d-------- C:\Program Files\YouTUBE (TM) movie downloader
2008-01-29 20:48 . 2008-01-29 20:48 <REP> d-------- C:\Program Files\Eurekr.com
2008-01-26 11:20 . 2008-02-16 09:58 <REP> d-------- C:\Program Files\Incomplete
2008-01-24 15:03 . 2008-01-24 15:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ideas From the Deep
2008-01-23 21:42 . 2008-01-23 21:42 <REP> d-------- C:\Documents and Settings\Famille\Application Data\pokerth
2008-01-23 21:39 . 2008-01-23 21:40 <REP> d-------- C:\Program Files\PokerTH
2008-01-23 21:38 . 2008-01-23 21:42 <REP> d-------- C:\Documents and Settings\Famille\.bitrock
2008-01-23 13:29 . 2008-02-10 19:39 <REP> d--hs---- C:\WINDOWS\system32\dllcache
2008-01-23 13:25 . 2008-01-23 13:25 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-23 13:17 . 2008-01-23 13:32 <REP> d-------- C:\SDFix
2008-01-23 13:11 . 2008-01-23 13:11 54,764 --a------ C:\WINDOWS\system32\fvelwow.sys
2008-01-23 13:11 . 2008-01-23 13:11 5,632 --a------ C:\Documents and Settings\Famille\cchxzd.exe
2008-01-22 23:03 . 2008-01-22 23:03 9,296 --a------ C:\Documents and Settings\Famille\gvplup.exe
2008-01-22 22:59 . 2008-01-22 22:59 9,296 --a------ C:\Documents and Settings\Famille\whzxmh.exe
2008-01-22 22:55 . 2008-01-22 22:55 9,296 --a------ C:\Documents and Settings\Famille\lymakv.exe
2008-01-22 22:51 . 2008-01-22 22:51 9,296 --a------ C:\Documents and Settings\Famille\qutnpm.exe
2008-01-22 22:47 . 2008-01-22 22:47 9,296 --a------ C:\Documents and Settings\Famille\mloeyx.exe
2008-01-22 22:43 . 2008-01-22 22:43 9,296 --a------ C:\Documents and Settings\Famille\fbjcaa.exe
2008-01-22 22:38 . 2008-01-22 22:38 9,296 --a------ C:\Documents and Settings\Famille\qnjfkj.exe
2008-01-22 22:34 . 2008-01-22 22:34 9,296 --a------ C:\Documents and Settings\Famille\kksryo.exe
2008-01-22 22:30 . 2008-01-22 22:30 9,296 --a------ C:\Documents and Settings\Famille\iuoklf.exe
2008-01-22 22:26 . 2008-01-22 22:26 9,296 --a------ C:\Documents and Settings\Famille\awtgtc.exe
2008-01-22 22:22 . 2008-01-22 22:22 9,296 --a------ C:\Documents and Settings\Famille\yoaaos.exe
2008-01-22 22:18 . 2008-01-22 22:18 9,296 --a------ C:\Documents and Settings\Famille\bbjwyq.exe
2008-01-22 22:13 . 2008-01-22 22:13 9,296 --a------ C:\Documents and Settings\Famille\hrgavt.exe
2008-01-22 22:09 . 2008-01-22 22:09 9,296 --a------ C:\Documents and Settings\Famille\qftemz.exe
2008-01-22 22:05 . 2008-01-22 22:05 9,296 --a------ C:\Documents and Settings\Famille\pkvnxl.exe
2008-01-22 22:01 . 2008-01-22 22:01 9,296 --a------ C:\Documents and Settings\Famille\mzrtho.exe
2008-01-22 21:57 . 2008-01-22 21:57 9,296 --a------ C:\Documents and Settings\Famille\blnrkr.exe
2008-01-22 21:53 . 2008-01-22 21:53 9,296 --a------ C:\Documents and Settings\Famille\kgedto.exe
2008-01-22 21:48 . 2008-01-22 21:48 9,296 --a------ C:\Documents and Settings\Famille\wzkcya.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 11:27 5,120 ----a-w C:\WINDOWS\logon32.dll
2008-02-16 14:14 --------- d-----w C:\Documents and Settings\Famille\Application Data\Skype
2008-02-10 19:17 --------- d-----w C:\Program Files\ICQToolbar
2008-02-01 09:05 --------- d-----w C:\Documents and Settings\Famille\Application Data\Canon
2008-01-27 07:08 --------- d-----w C:\Documents and Settings\Famille\Application Data\BSplayer
2008-01-26 10:26 --------- d-----w C:\Program Files\EA SPORTS
2008-01-22 21:54 --------- d-----w C:\Documents and Settings\Famille\Application Data\AdobeUM
2008-01-22 16:28 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-14 14:48 --------- d-----w C:\Program Files\ICQ6
2008-01-13 07:47 --------- d-----w C:\Program Files\YoutubeGet
2008-01-04 17:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-04 17:12 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-04 17:06 --------- d-----w C:\Program Files\Fichiers communs\Vbox
2008-01-03 11:34 --------- d-----w C:\Program Files\Google
2007-12-30 10:25 --------- d-----w C:\Program Files\Microsoft Picture It! 7
2007-12-30 10:25 --------- d-----w C:\Program Files\GameSpy Arcade
2007-12-30 10:25 --------- d-----w C:\Program Files\Fighter Squadron
2007-12-30 10:25 --------- d-----w C:\Program Files\EA GAMES
2007-12-30 10:17 --------- d-----w C:\Documents and Settings\Famille\Application Data\Atari
2007-12-28 08:57 --------- d-----w C:\Documents and Settings\Famille\Application Data\Apple Computer
2007-12-28 00:30 --------- d-----w C:\Program Files\QuickTime
2007-12-28 00:30 --------- d-----w C:\Program Files\Apple Software Update
2007-12-28 00:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-28 00:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-25 13:35 --------- d-----w C:\Program Files\USB Disk Win98 Driver
2007-12-25 11:48 --------- d-----w C:\Program Files\MTVVideoConverter_V1.11.4
2007-12-24 15:30 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-12-24 15:29 --------- d-----w C:\Documents and Settings\Famille\Application Data\Ahead
2007-12-24 15:28 --------- d-----w C:\Program Files\Nero
2007-12-23 14:22 --------- d-----w C:\Program Files\Shareaza
2007-12-23 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-12-23 09:24 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-12-20 17:25 --------- d-----w C:\Documents and Settings\Famille\Application Data\dvdcss
2007-12-15 14:11 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-28 16:11 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b33a5d56-1dd1-11b2-a0e2-ab3b0eac6b49}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9287202-FB35-48E7-8CAA-1DBA79BDAFE5}]
C:\Program Files\ComPlus Applications\hokewoC:\DOCUME~1\Famille\LOCALS~1\Temp\mst455101.exe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}]
C:\Program Files\Helper\1202668445.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]
2008-02-17 11:43 26112 --a------ C:\WINDOWS\system32\marwin32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-10-07 10:42 5674352]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-10-22 16:45 177400]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25 94208]
"a-squared"="C:\Program Files\a-squared\a2guard.exe" [2005-10-20 14:42 1144320]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 16:36 28672]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44 65536]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-02-16 23:10 1348608]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-08-03 19:52 3871744]
"EEF1F1F9F3FBF7F"="F9FCFC05FE070.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 17:09 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="C:\WINDOWS\LSD\end.cmd" [2005-07-14 16:39 2310]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 16:52 44544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"6T32B2J79N"= C:\WINDOWS\sysst32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ibuntu]
ibuntu.dll 2008-02-10 19:31 6672 C:\WINDOWS\system32\ibuntu.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Famille^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\Famille\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
C:\Program Files\AdVantage\AdVantage.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
--a------ 2004-12-08 17:06 65536 C:\WINDOWS\LClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-11-06 10:25 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2005-12-07 09:26 489472 C:\Program Files\Logitech\Video\CameraAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
--a------ 2004-11-01 16:22 262144 C:\WINDOWS\system32\ElkCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2005-12-07 09:33 73728 C:\Program Files\Logitech\Video\InstallHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-12-09 14:32 225280 C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE Backup]
--a------ 2006-08-20 17:10 2023424 C:\Program Files\Bodrag\Outlook Express Backup Expert\OEBackup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2002-10-16 11:24 47104 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
R1 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido anti-malware\guard.sys [2005-12-30 12:12]
R1 krnllds;Kernel CryptoModule;C:\WINDOWS\system32\krnllds.sys [2008-02-17 12:55]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdrv2.sys [2008-02-16 23:10]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 14:37]
S2 FFI;FFI;C:\WINDOWS\system32\svchost.exe:exm.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a949797-c73d-11dc-ba72-0030bdbb5726}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
*Newly Created Service* - SSFS0509
*Newly Created Service* - SSHRMD
*Newly Created Service* - SSIDRV
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-28 00:30:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 14:09:48
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FFI]
"ImagePath"="C:\WINDOWS\system32\svchost.exe:exm.exe"
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ibuntu.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-17 14:11:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-17 13:11:06
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
C:\Program Files\AdVantage\AdVantage.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
--a------ 2004-12-08 17:06 65536 C:\WINDOWS\LClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-11-06 10:25 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2005-12-07 09:26 489472 C:\Program Files\Logitech\Video\CameraAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
--a------ 2004-11-01 16:22 262144 C:\WINDOWS\system32\ElkCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2005-12-07 09:33 73728 C:\Program Files\Logitech\Video\InstallHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-12-09 14:32 225280 C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE Backup]
--a------ 2006-08-20 17:10 2023424 C:\Program Files\Bodrag\Outlook Express Backup Expert\OEBackup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2002-10-16 11:24 47104 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
R1 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido anti-malware\guard.sys [2005-12-30 12:12]
R1 krnllds;Kernel CryptoModule;C:\WINDOWS\system32\krnllds.sys [2008-02-17 12:55]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdrv2.sys [2008-02-16 23:10]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 14:37]
S2 FFI;FFI;C:\WINDOWS\system32\svchost.exe:exm.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a949797-c73d-11dc-ba72-0030bdbb5726}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
*Newly Created Service* - SSFS0509
*Newly Created Service* - SSHRMD
*Newly Created Service* - SSIDRV
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2007-12-28 00:30:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 14:09:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FFI]
"ImagePath"="C:\WINDOWS\system32\svchost.exe:exm.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ibuntu.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-02-17 14:11:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-17 13:11:06
Re,
Download BTFix (Bibi26).
Unzip the archive to your Desktop.
Open the BTFix folder.
Double-click BTFix.exe.
Click Rechercher.
A report will appear; copy/paste it in your next reply.
Here is the report:
BTFix 1.078 (by bibi26) - 17/02/2008 18:12:28 - Cleanup - Normal mode
Launched from C:\Documents and Settings\Famille\Bureau\BTFix\BTFix.exe
---> Files/folders deleted (First pass)
- Temporary files erased
- C:\Program Files\Accoona\
- C:\Program Files\e-zshopper\
---> Cleanup complete
Thanks for your help. I'm waiting for the next step.
Here is the report:
Waiting for the next step. Thanks.
ComboFix 08-02-17.2 - Famille 2008-02-17 18:37:29.2 - NTFSx86
Running from: H:\ComboFix.exe
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\drivers\symavc32.sys
.
((((((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 ))))))))))))))))))))))))))))))))))))
.
2008-02-17 12:26 . 2008-02-17 12:26 268 --ah----- C:\sqmdata06.sqm
2008-02-17 12:26 . 2008-02-17 12:26 244 --ah----- C:\sqmnoopt06.sqm
2008-02-17 12:21 . 2008-02-17 12:52 486 --a------ C:\WINDOWS\wininit.ini
2008-02-17 11:45 . 2008-02-17 11:45 18,368 --a------ C:\WINDOWS\system32\service.sys
2008-02-17 11:43 . 2008-02-17 11:43 26,112 --a------ C:\WINDOWS\system32\marwin32.dll
2008-02-17 11:42 . 2008-02-17 11:42 22,016 --a------ C:\Documents and Settings\Famille\zunprc.exe
2008-02-17 11:10 . 2008-02-17 11:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-17 00:18 . 2008-02-17 00:18 268 --ah----- C:\sqmdata05.sqm
2008-02-17 00:18 . 2008-02-17 00:18 244 --ah----- C:\sqmnoopt05.sqm
2008-02-16 23:16 . 2008-02-16 23:16 <REP> d-------- C:\Program Files\Webroot
2008-02-16 23:16 . 2008-02-16 23:16 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-02-16 23:16 . 2008-02-16 23:16 <REP> d-------- C:\Documents and Settings\Famille\Application Data\Webroot
2008-02-16 23:16 . 2008-02-16 23:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-02-16 23:16 . 2006-08-03 19:33 117,248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-02-16 23:16 . 2006-08-03 19:33 15,360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-02-16 23:16 . 2006-08-03 19:33 14,848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-02-16 23:16 . 2006-08-03 19:33 13,824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2008-02-16 23:10 . 2008-02-17 11:15 <REP> d-------- C:\Program Files\Spyware Terminator
2008-02-16 23:10 . 2008-02-16 23:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-02-16 23:09 . 2008-02-17 14:09 <REP> d-------- C:\Program Files\a-squared
2008-02-16 23:08 . 2008-02-16 23:08 <REP> d-------- C:\Program Files\Yahoo!
2008-02-16 23:08 . 2008-02-16 23:09 <REP> d-------- C:\Program Files\CCleaner
2008-02-16 23:00 . 2008-02-16 23:00 268 --ah----- C:\sqmdata04.sqm
2008-02-16 23:00 . 2008-02-16 23:00 244 --ah----- C:\sqmnoopt04.sqm
2008-02-16 18:10 . 2008-02-16 18:07 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-16 18:02 . 2008-02-17 11:43 151,552 --a------ C:\blhhjtpx.exe
2008-02-16 18:02 . 2008-02-17 11:43 54,272 --a------ C:\urdeuvmj.exe
2008-02-16 18:02 . 2008-02-16 18:02 22,016 --a------ C:\Documents and Settings\Famille\xgnfvi.exe
2008-02-16 18:00 . 2008-02-17 11:55 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-16 18:00 . 2008-02-17 12:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-16 17:54 . 2008-02-16 17:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-16 17:54 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-16 17:52 . 2008-02-16 17:52 268 --ah----- C:\sqmdata03.sqm
2008-02-16 17:52 . 2008-02-16 17:52 172 --ah----- C:\sqmnoopt03.sqm
2008-02-16 17:23 . 2008-02-16 23:08 <REP> d-------- C:\Program Files\ewido anti-malware
2008-02-10 20:10 . 2008-02-10 20:10 22,016 --a------ C:\Documents and Settings\Famille\goqezf.exe
2008-02-10 20:10 . 2008-02-10 20:10 5,632 --a------ C:\Documents and Settings\Famille\arzxeb.exe
2008-02-10 20:03 . 2008-02-10 20:03 5,632 --a------ C:\Documents and Settings\Famille\iavzps.exe
2008-02-10 19:46 . 2008-02-17 18:37 37,074 --a------ C:\Documents and Settings\Famille\nmacjahb.exe
2008-02-10 19:41 . 2008-02-10 19:40 8,704 --a------ C:\WINDOWS\sysst32.exe
2008-02-10 19:40 . 2008-02-10 19:40 8,704 --a------ C:\Documents and Settings\Famille\arkfth.exe
2008-02-10 19:39 . 2005-06-15 22:01 1,077,458 --a------ C:\WINDOWS\system32\dllcache\explorer.exe
2008-02-10 19:39 . 2005-06-15 22:01 1,077,458 --a------ C:\WINDOWS\ahutyus.exe
2008-02-10 19:39 . 2008-02-10 19:39 63,697 --a------ C:\Documents and Settings\Famille\riswhk.exe
2008-02-10 19:38 . 2008-02-10 19:38 3,795,158 --a------ C:\WINDOWS\dg0GhYUDQV.exe
2008-02-10 19:32 . 2008-02-10 19:32 <REP> d-------- C:\WINDOWS\afafnwgd
2008-02-10 19:32 . 2008-02-10 19:32 180,224 --a------ C:\WINDOWS\fideharw.dll
2008-02-10 19:32 . 2008-02-10 19:32 91,667 --a------ C:\WINDOWS\system32\rxjddnvj.exe
2008-02-10 19:32 . 2008-02-10 19:32 91,667 --a------ C:\WINDOWS\bmfgpqte.exe
2008-02-10 19:32 . 2008-02-10 19:32 40,960 --a------ C:\WINDOWS\nmxipsju.exe
2008-02-10 19:32 . 2008-02-10 19:32 16,768 --a------ C:\WINDOWS\system32\tcpip_patcher.sys
2008-02-10 19:32 . 2008-02-11 19:34 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-02-10 19:31 . 2008-02-10 19:31 54,764 --a------ C:\WINDOWS\system32\4fdw.dll
2008-02-10 19:31 . 2008-02-10 19:31 6,672 --a------ C:\WINDOWS\system32\ibuntu.dll
2008-02-10 19:31 . 2008-02-10 19:31 5,632 --a------ C:\Documents and Settings\Famille\phoggq.exe
2008-02-10 19:31 . 2008-02-17 12:55 2,528 --a------ C:\WINDOWS\system32\krnllds.sys
2008-02-09 17:33 . 2008-02-09 17:33 <REP> d-------- C:\Documents and Settings\Famille\Application Data\Sports Interactive
2008-02-09 17:06 . 2008-02-09 17:08 <REP> d--h----- C:\Program Files\Zero G Registry
2008-02-09 17:06 . 2008-02-09 17:06 <REP> d-------- C:\Program Files\Sports Interactive
2008-02-09 17:05 . 2008-02-09 17:05 <REP> d--h----- C:\Documents and Settings\Famille\InstallAnywhere
2008-01-29 21:02 . 2008-01-29 21:02 <REP> d-------- C:\Program Files\FLVPlayer
2008-01-29 20:57 . 2008-01-29 20:58 <REP> d-------- C:\Program Files\YouTUBE (TM) movie downloader
2008-01-29 20:48 . 2008-01-29 20:48 <REP> d-------- C:\Program Files\Eurekr.com
2008-01-26 11:20 . 2008-02-16 09:58 <REP> d-------- C:\Program Files\Incomplete
2008-01-24 15:03 . 2008-01-24 15:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ideas From the Deep
2008-01-23 21:42 . 2008-01-23 21:42 <REP> d-------- C:\Documents and Settings\Famille\Application Data\pokerth
2008-01-23 21:39 . 2008-01-23 21:40 <REP> d-------- C:\Program Files\PokerTH
2008-01-23 21:38 . 2008-01-23 21:42 <REP> d-------- C:\Documents and Settings\Famille\.bitrock
2008-01-23 13:29 . 2008-02-10 19:39 <REP> d--hs---- C:\WINDOWS\system32\dllcache
2008-01-23 13:25 . 2008-01-23 13:25 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-23 13:17 . 2008-01-23 13:32 <REP> d-------- C:\SDFix
2008-01-23 13:11 . 2008-01-23 13:11 54,764 --a------ C:\WINDOWS\system32\fvelwow.sys
2008-01-23 13:11 . 2008-01-23 13:11 5,632 --a------ C:\Documents and Settings\Famille\cchxzd.exe
2008-01-22 23:03 . 2008-01-22 23:03 9,296 --a------ C:\Documents and Settings\Famille\gvplup.exe
2008-01-22 22:59 . 2008-01-22 22:59 9,296 --a------ C:\Documents and Settings\Famille\whzxmh.exe
2008-01-22 22:55 . 2008-01-22 22:55 9,296 --a------ C:\Documents and Settings\Famille\lymakv.exe
2008-01-22 22:51 . 2008-01-22 22:51 9,296 --a------ C:\Documents and Settings\Famille\qutnpm.exe
2008-01-22 22:47 . 2008-01-22 22:47 9,296 --a------ C:\Documents and Settings\Famille\mloeyx.exe
2008-01-22 22:43 . 2008-01-22 22:43 9,296 --a------ C:\Documents and Settings\Famille\fbjcaa.exe
2008-01-22 22:38 . 2008-01-22 22:38 9,296 --a------ C:\Documents and Settings\Famille\qnjfkj.exe
2008-01-22 22:34 . 2008-01-22 22:34 9,296 --a------ C:\Documents and Settings\Famille\kksryo.exe
2008-01-22 22:30 . 2008-01-22 22:30 9,296 --a------ C:\Documents and Settings\Famille\iuoklf.exe
2008-01-22 22:26 . 2008-01-22 22:26 9,296 --a------ C:\Documents and Settings\Famille\awtgtc.exe
2008-01-22 22:22 . 2008-01-22 22:22 9,296 --a------ C:\Documents and Settings\Famille\yoaaos.exe
2008-01-22 22:18 . 2008-01-22 22:18 9,296 --a------ C:\Documents and Settings\Famille\bbjwyq.exe
2008-01-22 22:13 . 2008-01-22 22:13 9,296 --a------ C:\Documents and Settings\Famille\hrgavt.exe
2008-01-22 22:09 . 2008-01-22 22:09 9,296 --a------ C:\Documents and Settings\Famille\qftemz.exe
2008-01-22 22:05 . 2008-01-22 22:05 9,296 --a------ C:\Documents and Settings\Famille\pkvnxl.exe
2008-01-22 22:01 . 2008-01-22 22:01 9,296 --a------ C:\Documents and Settings\Famille\mzrtho.exe
2008-01-22 21:57 . 2008-01-22 21:57 9,296 --a------ C:\Documents and Settings\Famille\blnrkr.exe
2008-01-22 21:53 . 2008-01-22 21:53 9,296 --a------ C:\Documents and Settings\Famille\kgedto.exe
2008-01-22 21:48 . 2008-01-22 21:48 9,296 --a------ C:\Documents and Settings\Famille\wzkcya.exe
2008-01-22 21:44 . 2008-01-22 21:44 9,296 --a------ C:\Documents and Settings\Famille\etxtvt.exe
2008-01-22 21:40 . 2008-01-22 21:40 9,296 --a------ C:\Documents and Settings\Famille\bkssew.exe
2008-01-22 21:36 . 2008-01-22 21:36 9,296 --a------ C:\Documents and Settings\Famille\xydvcv.exe
2008-01-22 21:32 . 2008-01-22 21:32 9,296 --a------ C:\Documents and Settings\Famille\rwivoh.exe
2008-01-22 21:28 . 2008-01-22 21:28 9,296 --a------ C:\Documents and Settings\Famille\bkxesn.exe
2008-01-22 21:23 . 2008-01-22 21:23 9,296 --a------ C:\Documents and Settings\Famille\ofgzjt.exe
2008-01-22 21:19 . 2008-01-22 21:19 9,296 --a------ C:\Documents and Settings\Famille\uporls.exe
2008-01-22 21:15 . 2008-01-22 21:15 9,296 --a------ C:\Documents and Settings\Famille\ontswm.exe
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 14:14 --------- d-----w C:\Documents and Settings\Famille\Application Data\Skype
2008-02-10 19:17 --------- d-----w C:\Program Files\ICQToolbar
2008-02-01 09:05 --------- d-----w C:\Documents and Settings\Famille\Application Data\Canon
2008-01-27 07:08 --------- d-----w C:\Documents and Settings\Famille\Application Data\BSplayer
2008-01-26 10:26 --------- d-----w C:\Program Files\EA SPORTS
2008-01-22 21:54 --------- d-----w C:\Documents and Settings\Famille\Application Data\AdobeUM
2008-01-22 16:28 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-14 14:48 --------- d-----w C:\Program Files\ICQ6
2008-01-13 07:47 --------- d-----w C:\Program Files\YoutubeGet
2008-01-04 17:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-04 17:12 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-04 17:06 --------- d-----w C:\Program Files\Fichiers communs\Vbox
2008-01-03 11:34 --------- d-----w C:\Program Files\Google
2007-12-30 10:25 --------- d-----w C:\Program Files\Microsoft Picture It! 7
2007-12-30 10:25 --------- d-----w C:\Program Files\GameSpy Arcade
2007-12-30 10:25 --------- d-----w C:\Program Files\Fighter Squadron
2007-12-30 10:25 --------- d-----w C:\Program Files\EA GAMES
2007-12-30 10:17 --------- d-----w C:\Documents and Settings\Famille\Application Data\Atari
2007-12-28 08:57 --------- d-----w C:\Documents and Settings\Famille\Application Data\Apple Computer
2007-12-28 00:30 --------- d-----w C:\Program Files\QuickTime
2007-12-28 00:30 --------- d-----w C:\Program Files\Apple Software Update
2007-12-28 00:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-28 00:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-25 13:35 --------- d-----w C:\Program Files\USB Disk Win98 Driver
2007-12-25 11:48 --------- d-----w C:\Program Files\MTVVideoConverter_V1.11.4
2007-12-24 15:30 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-12-24 15:29 --------- d-----w C:\Documents and Settings\Famille\Application Data\Ahead
2007-12-24 15:28 --------- d-----w C:\Program Files\Nero
2007-12-23 14:22 --------- d-----w C:\Program Files\Shareaza
2007-12-23 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-12-23 09:24 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-12-20 17:25 --------- d-----w C:\Documents and Settings\Famille\Application Data\dvdcss
2007-12-15 14:11 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-28 16:11 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9287202-FB35-48E7-8CAA-1DBA79BDAFE5}]
C:\Program Files\ComPlus Applications\hokewoC:\DOCUME~1\Famille\LOCALS~1\Temp\mst455101.exe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}]
C:\Program Files\Helper\1202668445.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]
2008-02-17 11:43 26112 --a------ C:\WINDOWS\system32\marwin32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-10-07 10:42 5674352]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-10-22 16:45 177400]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25 94208]
"a-squared"="C:\Program Files\a-squared\a2guard.exe" [2005-10-20 14:42 1144320]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 16:36 28672]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44 65536]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-02-16 23:10 1348608]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-08-03 19:52 3871744]
"EEF1F1F9F3FBF7F"="F9FCFC05FE070.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 11:43 5146448]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 17:09 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="C:\WINDOWS\LSD\end.cmd" [2005-07-14 16:39 2310]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 16:52 44544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"6T32B2J79N"= C:\WINDOWS\sysst32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ibuntu]
ibuntu.dll 2008-02-10 19:31 6672 C:\WINDOWS\system32\ibuntu.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Famille^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\Famille\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
C:\Program Files\AdVantage\AdVantage.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
--a------ 2004-12-08 17:06 65536 C:\WINDOWS\LClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-11-06 10:25 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2005-12-07 09:26 489472 C:\Program Files\Logitech\Video\CameraAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
--a------ 2004-11-01 16:22 262144 C:\WINDOWS\system32\ElkCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2005-12-07 09:33 73728 C:\Program Files\Logitech\Video\InstallHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-12-09 14:32 225280 C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE Backup]
--a------ 2006-08-20 17:10 2023424 C:\Program Files\Bodrag\Outlook Express Backup Expert\OEBackup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2002-10-16 11:24 47104 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
R1 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido anti-malware\guard.sys [2005-12-30 12:12]
R1 krnllds;Kernel CryptoModule;C:\WINDOWS\system32\krnllds.sys [2008-02-17 12:55]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdrv2.sys [2008-02-16 23:10]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 14:37]
S2 FFI;FFI;C:\WINDOWS\system32\svchost.exe:exm.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a949797-c73d-11dc-ba72-0030bdbb5726}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
*Newly Created Service* - SSFS0509
*Newly Created Service* - SSHRMD
*Newly Created Service* - SSIDRV
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2007-12-28 00:30:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 18:39:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FFI]
"ImagePath"="C:\WINDOWS\system32\svchost.exe:exm.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ibuntu.dll
.
Completion time: 2008-02-17 18:39:51
ComboFix-quarantined-files.txt 2008-02-17 17:39:42
ComboFix2.txt 2008-02-17 13:11:12
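The two ComboFix reports in this thread carry the indicators a responder reads first, and they survive every cleaning pass so far: a service (FFI) whose ImagePath is an NTFS alternate data stream behind the real svchost.exe (`svchost.exe:exm.exe`), a Winlogon notification package (`ibuntu.dll`) that ComboFix lists as loaded inside winlogon.exe, an autostart under `policies\explorer\run` (`sysst32.exe`), a Run value whose file ComboFix could not stat (`F9FCFC05FE070.exe []`), a Browser Helper Object whose path is glued onto a `Temp` path, and a remembered AutoRun command for the H: drive. The script below is an added example, not part of this thread and not code from ComboFix, HijackThis or BTFix: it applies those six structural heuristics to a handful of lines copied from the log above (embedded as constructed sample input so it runs offline). The rule names and the regular expressions are the editor's own assumptions about what a triage pass should flag.

```python
import re
from typing import List, Tuple

# Constructed sample input: a subset of the "Reg Loading Points" and driver/service
# lines from the ComboFix report posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"EEF1F1F9F3FBF7F"="F9FCFC05FE070.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"6T32B2J79N"= C:\WINDOWS\sysst32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ibuntu]
ibuntu.dll 2008-02-10 19:31 6672 C:\WINDOWS\system32\ibuntu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9287202-FB35-48E7-8CAA-1DBA79BDAFE5}]
C:\Program Files\ComPlus Applications\hokewoC:\DOCUME~1\Famille\LOCALS~1\Temp\mst455101.exe.dll
R1 krnllds;Kernel CryptoModule;C:\WINDOWS\system32\krnllds.sys [2008-02-17 12:55]
S2 FFI;FFI;C:\WINDOWS\system32\svchost.exe:exm.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a949797-c73d-11dc-ba72-0030bdbb5726}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
"""

# "name.exe:stream" after a file name: an NTFS alternate data stream used as an image path.
ADS_RE = re.compile(r"\.(?:exe|dll|sys):[^\\\s]+", re.I)
# A DLL under a Temp folder, or a drive letter glued onto the tail of another path ("...hokewoC:\").
GLUED_PATH_RE = re.compile(r"\\temp\\|[a-z][a-z]:\\", re.I)


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (rule, line) pairs for autostart lines that deserve a manual look.

    The rule names are this example's own labels, not ComboFix output.
    """
    findings: List[Tuple[str, str]] = []
    section = ""  # lower-cased registry key the following value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()
            continue
        if re.match(r"^[RS]\d\s", line):
            # ComboFix driver/service line: "R1 name;display name;image path [date]"
            section = "services"
        if ADS_RE.search(line):
            # The payload hides in a stream of a legitimate file; dir and Explorer do not list it.
            findings.append(("ads_image_path", line))
        elif "winlogon\\notify" in section:
            # Notification packages load into winlogon.exe as SYSTEM; rarely legitimate on a home PC.
            findings.append(("winlogon_notify_dll", line))
        elif "policies\\explorer\\run" in section:
            # Group-policy autostart location that msconfig does not display.
            findings.append(("policy_run_entry", line))
        elif section.endswith("\\run]") and line.endswith("[]"):
            # ComboFix prints "[]" when it could not stat the file: dead entry or hidden file.
            findings.append(("run_entry_missing_file", line))
        elif "browser helper objects" in section and GLUED_PATH_RE.search(line):
            # An installed product does not register its BHO from Temp or from a malformed path.
            findings.append(("bho_suspicious_path", line))
        elif "mountpoints2" in section and "autorun" in line.lower():
            # Remembered AutoRun commands for removable media run again on the next insertion.
            findings.append(("removable_autorun", line))
    return findings


if __name__ == "__main__":
    for rule, hit in triage(SAMPLE_LOG):
        print(f"{rule:24} {hit}")
```

The checks are structural on purpose: they do not need a signature database and they catch the persistence tricks in this log that four anti-spyware products walked past. They also say nothing about files that are only suspicious by timestamp, such as `krnllds.sys`, which stands out in the "Files Created" timeline (created 2008-02-10, rewritten the day of the scan) rather than by its registration; that kind of finding needs the timeline section, not this script. Treat the output as a list to confirm by hand, not as a verdict.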
2008-01-22 22:59 . 2008-01-22 22:59 9,296 --a------ C:\Documents and Settings\Famille\whzxmh.exe
2008-01-22 22:55 . 2008-01-22 22:55 9,296 --a------ C:\Documents and Settings\Famille\lymakv.exe
2008-01-22 22:51 . 2008-01-22 22:51 9,296 --a------ C:\Documents and Settings\Famille\qutnpm.exe
2008-01-22 22:47 . 2008-01-22 22:47 9,296 --a------ C:\Documents and Settings\Famille\mloeyx.exe
2008-01-22 22:43 . 2008-01-22 22:43 9,296 --a------ C:\Documents and Settings\Famille\fbjcaa.exe
2008-01-22 22:38 . 2008-01-22 22:38 9,296 --a------ C:\Documents and Settings\Famille\qnjfkj.exe
2008-01-22 22:34 . 2008-01-22 22:34 9,296 --a------ C:\Documents and Settings\Famille\kksryo.exe
2008-01-22 22:30 . 2008-01-22 22:30 9,296 --a------ C:\Documents and Settings\Famille\iuoklf.exe
2008-01-22 22:26 . 2008-01-22 22:26 9,296 --a------ C:\Documents and Settings\Famille\awtgtc.exe
2008-01-22 22:22 . 2008-01-22 22:22 9,296 --a------ C:\Documents and Settings\Famille\yoaaos.exe
2008-01-22 22:18 . 2008-01-22 22:18 9,296 --a------ C:\Documents and Settings\Famille\bbjwyq.exe
2008-01-22 22:13 . 2008-01-22 22:13 9,296 --a------ C:\Documents and Settings\Famille\hrgavt.exe
2008-01-22 22:09 . 2008-01-22 22:09 9,296 --a------ C:\Documents and Settings\Famille\qftemz.exe
2008-01-22 22:05 . 2008-01-22 22:05 9,296 --a------ C:\Documents and Settings\Famille\pkvnxl.exe
2008-01-22 22:01 . 2008-01-22 22:01 9,296 --a------ C:\Documents and Settings\Famille\mzrtho.exe
2008-01-22 21:57 . 2008-01-22 21:57 9,296 --a------ C:\Documents and Settings\Famille\blnrkr.exe
2008-01-22 21:53 . 2008-01-22 21:53 9,296 --a------ C:\Documents and Settings\Famille\kgedto.exe
2008-01-22 21:48 . 2008-01-22 21:48 9,296 --a------ C:\Documents and Settings\Famille\wzkcya.exe
2008-01-22 21:44 . 2008-01-22 21:44 9,296 --a------ C:\Documents and Settings\Famille\etxtvt.exe
2008-01-22 21:40 . 2008-01-22 21:40 9,296 --a------ C:\Documents and Settings\Famille\bkssew.exe
2008-01-22 21:36 . 2008-01-22 21:36 9,296 --a------ C:\Documents and Settings\Famille\xydvcv.exe
2008-01-22 21:32 . 2008-01-22 21:32 9,296 --a------ C:\Documents and Settings\Famille\rwivoh.exe
2008-01-22 21:28 . 2008-01-22 21:28 9,296 --a------ C:\Documents and Settings\Famille\bkxesn.exe
2008-01-22 21:23 . 2008-01-22 21:23 9,296 --a------ C:\Documents and Settings\Famille\ofgzjt.exe
2008-01-22 21:19 . 2008-01-22 21:19 9,296 --a------ C:\Documents and Settings\Famille\uporls.exe
2008-01-22 21:15 . 2008-01-22 21:15 9,296 --a------ C:\Documents and Settings\Famille\ontswm.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 14:14 --------- d-----w C:\Documents and Settings\Famille\Application Data\Skype
2008-02-10 19:17 --------- d-----w C:\Program Files\ICQToolbar
2008-02-01 09:05 --------- d-----w C:\Documents and Settings\Famille\Application Data\Canon
2008-01-27 07:08 --------- d-----w C:\Documents and Settings\Famille\Application Data\BSplayer
2008-01-26 10:26 --------- d-----w C:\Program Files\EA SPORTS
2008-01-22 21:54 --------- d-----w C:\Documents and Settings\Famille\Application Data\AdobeUM
2008-01-22 16:28 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-14 14:48 --------- d-----w C:\Program Files\ICQ6
2008-01-13 07:47 --------- d-----w C:\Program Files\YoutubeGet
2008-01-04 17:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-04 17:12 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-04 17:06 --------- d-----w C:\Program Files\Fichiers communs\Vbox
2008-01-03 11:34 --------- d-----w C:\Program Files\Google
2007-12-30 10:25 --------- d-----w C:\Program Files\Microsoft Picture It! 7
2007-12-30 10:25 --------- d-----w C:\Program Files\GameSpy Arcade
2007-12-30 10:25 --------- d-----w C:\Program Files\Fighter Squadron
2007-12-30 10:25 --------- d-----w C:\Program Files\EA GAMES
2007-12-30 10:17 --------- d-----w C:\Documents and Settings\Famille\Application Data\Atari
2007-12-28 08:57 --------- d-----w C:\Documents and Settings\Famille\Application Data\Apple Computer
2007-12-28 00:30 --------- d-----w C:\Program Files\QuickTime
2007-12-28 00:30 --------- d-----w C:\Program Files\Apple Software Update
2007-12-28 00:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-28 00:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-25 13:35 --------- d-----w C:\Program Files\USB Disk Win98 Driver
2007-12-25 11:48 --------- d-----w C:\Program Files\MTVVideoConverter_V1.11.4
2007-12-24 15:30 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-12-24 15:29 --------- d-----w C:\Documents and Settings\Famille\Application Data\Ahead
2007-12-24 15:28 --------- d-----w C:\Program Files\Nero
2007-12-23 14:22 --------- d-----w C:\Program Files\Shareaza
2007-12-23 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-12-23 09:24 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-12-20 17:25 --------- d-----w C:\Documents and Settings\Famille\Application Data\dvdcss
2007-12-15 14:11 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-28 16:11 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9287202-FB35-48E7-8CAA-1DBA79BDAFE5}]
C:\Program Files\ComPlus Applications\hokewoC:\DOCUME~1\Famille\LOCALS~1\Temp\mst455101.exe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}]
C:\Program Files\Helper\1202668445.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]
2008-02-17 11:43 26112 --a------ C:\WINDOWS\system32\marwin32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-10-07 10:42 5674352]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-10-22 16:45 177400]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25 94208]
"a-squared"="C:\Program Files\a-squared\a2guard.exe" [2005-10-20 14:42 1144320]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 16:36 28672]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44 65536]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-02-16 23:10 1348608]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-08-03 19:52 3871744]
"EEF1F1F9F3FBF7F"="F9FCFC05FE070.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 11:43 5146448]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 17:09 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="C:\WINDOWS\LSD\end.cmd" [2005-07-14 16:39 2310]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 16:52 44544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"6T32B2J79N"= C:\WINDOWS\sysst32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ibuntu]
ibuntu.dll 2008-02-10 19:31 6672 C:\WINDOWS\system32\ibuntu.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Famille^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\Famille\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
C:\Program Files\AdVantage\AdVantage.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
--a------ 2004-12-08 17:06 65536 C:\WINDOWS\LClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-11-06 10:25 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2005-12-07 09:26 489472 C:\Program Files\Logitech\Video\CameraAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
--a------ 2004-11-01 16:22 262144 C:\WINDOWS\system32\ElkCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2005-12-07 09:33 73728 C:\Program Files\Logitech\Video\InstallHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-12-09 14:32 225280 C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE Backup]
--a------ 2006-08-20 17:10 2023424 C:\Program Files\Bodrag\Outlook Express Backup Expert\OEBackup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2002-10-16 11:24 47104 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
R1 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido anti-malware\guard.sys [2005-12-30 12:12]
R1 krnllds;Kernel CryptoModule;C:\WINDOWS\system32\krnllds.sys [2008-02-17 12:55]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdrv2.sys [2008-02-16 23:10]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 14:37]
S2 FFI;FFI;C:\WINDOWS\system32\svchost.exe:exm.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a949797-c73d-11dc-ba72-0030bdbb5726}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
*Newly Created Service* - SSFS0509
*Newly Created Service* - SSHRMD
*Newly Created Service* - SSIDRV
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-28 00:30:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 18:39:16
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FFI]
"ImagePath"="C:\WINDOWS\system32\svchost.exe:exm.exe"
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ibuntu.dll
.
Temps d'accomplissement: 2008-02-17 18:39:51
ComboFix-quarantined-files.txt 2008-02-17 17:39:42
ComboFix2.txt 2008-02-17 13:11:12
Re,
Uninstall Avast! properly and replace it with AntiVir.
Why switch? Avast! vs AntiVir
Run a full scan, then post the report once the analysis finishes.
HELP: Tutorial on the AntiVir Personal Edition Classic antivirus