Trojan.Vundo
Dernière réponse : dans Sécurité
Bonjour,
J'ai attraper je ne sais comment un Trojan.Vundo détecté via Norton Internet Security. Tous les éléments sont là: Popup intempestifs, blocage du service MàJ auto de Windows,...
J'ai fais un vundofix, un combofix et un hijackthis mais sa ne résous tjs rien. Voici les logs:
<gras>VUNDOFIX</gras>
VundoFix V7.0.6
Scan started at 19:57:44 4/11/2008
Listing files found while scanning....
C:\Windows\system32\btyhkshb.dll
C:\Windows\system32\doopslup.dll
C:\Windows\system32\stplaglh.dll
Beginning removal...
Attempting to delete C:\Windows\system32\btyhkshb.dll
C:\Windows\system32\btyhkshb.dll Has been deleted!
Attempting to delete C:\Windows\system32\doopslup.dll
C:\Windows\system32\doopslup.dll Has been deleted!
Attempting to delete C:\Windows\system32\stplaglh.dll
C:\Windows\system32\stplaglh.dll Has been deleted!
Performing Repairs to the registry.
Done!
<gras>COMBOFIX</gras>
ComboFix 08-11-04.02 - Propriétaire 2008-11-04 22:07:47.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.532 [GMT 1:00]
Lancé depuis: c:\vundo\ComboFix.exe
Commutateurs utilisés :: c:\vundo\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\windows\system32\chgbucid.ini
c:\windows\system32\cMVwwyay.ini
c:\windows\system32\cMVwwyay.ini2
c:\windows\system32\dicubghc.dll
c:\windows\system32\huyagg.dll
c:\windows\system32\ibmftloe.ini
c:\windows\system32\iuqfsyha.ini
c:\windows\system32\mcqlrbku.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\mdm.exe
c:\windows\system32\MSINET.oca
c:\windows\system32\nluygcfc.dll
c:\windows\system32\uetqkbgp.ini
c:\windows\system32\uniripyc.dll
c:\windows\system32\xslshdhn.ini
c:\windows\system32\yaywwVMc.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-04 au 2008-11-04 ))))))))))))))))))))))))))))))))))))
.
2008-11-04 19:57 . 2008-11-04 20:23 <REP> d-------- C:\VundoFix Backups
2008-11-04 19:53 . 2008-11-04 21:42 <REP> d-------- C:\vundo
2008-10-31 15:26 . 2008-10-31 15:26 <REP> d-------- c:\program files\Common Files
2008-10-31 15:26 . 2003-07-21 04:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
2008-10-31 15:26 . 2005-01-04 19:43 4,682 --a------ c:\windows\system32\npptNT2.sys
2008-10-31 15:10 . 2008-10-31 15:10 <REP> d-------- c:\program files\Games-Masters.com
2008-10-30 17:32 . 2008-10-30 17:35 <REP> d-------- c:\program files\De Blob
2008-10-26 20:51 . 2008-10-26 20:51 <REP> d-------- c:\program files\Uniblue
2008-10-26 20:41 . 2008-10-26 20:41 <REP> d-------- c:\program files\Trend Micro
2008-10-25 14:07 . 2008-10-25 14:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Acronis
2008-10-25 14:07 . 2008-10-25 14:07 971,232 --a------ c:\windows\system32\drivers\tdrpm147.sys
2008-10-25 14:07 . 2008-10-25 14:07 540,000 --a------ c:\windows\system32\drivers\timntr.sys
2008-10-25 14:07 . 2008-10-25 14:07 44,704 --a------ c:\windows\system32\drivers\tifsfilt.sys
2008-10-25 14:05 . 2008-10-25 14:37 <REP> d-------- c:\program files\Fichiers communs\Acronis
2008-10-25 13:22 . 2008-10-25 13:22 <REP> d-------- C:\TYPSoft FTP Server
2008-10-22 19:10 . 2008-10-22 19:10 <REP> d-------- c:\program files\SoftChris
2008-10-20 15:41 . 2008-10-20 15:47 <REP> d-------- c:\program files\Wolfenstein - Enemy Territory
2008-10-19 17:12 . 2008-10-19 17:12 <REP> d-------- c:\documents and settings\NetworkService\Application Data\Xfire
2008-10-18 10:31 . 2008-10-18 10:30 687,120 --a------ c:\windows\unins000.exe
2008-10-18 10:31 . 2008-10-18 10:31 770 --a------ c:\windows\unins000.dat
2008-10-09 01:47 . 2008-10-09 01:47 42,320 --a------ c:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-04 20:47 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-11-04 20:45 --------- d-----w c:\program files\lynx
2008-11-04 20:24 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-10-25 14:21 --------- d-----w c:\documents and settings\Propriétaire\Application Data\BitTorrent
2008-10-25 12:59 --------- d-----w c:\program files\eMule
2008-10-25 08:04 --------- d-----w c:\documents and settings\Propriétaire\Application Data\tunebite
2008-10-22 09:27 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-21 19:00 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Xfire
2008-10-21 05:53 --------- d-----w c:\program files\Google
2008-10-19 16:47 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Skype
2008-10-19 14:49 137,480 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-19 14:33 --------- d-----w c:\documents and settings\Propriétaire\Application Data\GSC
2008-10-19 13:41 --------- d-----w c:\program files\Xfire
2008-10-17 18:44 --------- d-----w c:\documents and settings\Propriétaire\Application Data\XnView
2008-10-15 06:59 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-10 16:59 --------- d-----w c:\documents and settings\Propriétaire\Application Data\FileZilla
2008-10-03 13:14 39,984 ----a-w c:\windows\system32\drivers\symids.sys
2008-10-03 13:14 37,936 ----a-w c:\windows\system32\drivers\symndisv.sys
2008-10-03 13:14 35,120 ----a-w c:\windows\system32\drivers\symndis.sys
2008-10-03 13:14 27,696 ----a-w c:\windows\system32\drivers\symredrv.sys
2008-10-03 13:14 187,952 ----a-w c:\windows\system32\drivers\symtdi.sys
2008-10-03 13:14 146,096 ----a-w c:\windows\system32\drivers\symfw.sys
2008-10-03 13:14 12,848 ----a-w c:\windows\system32\drivers\symdns.sys
2008-10-03 13:14 10,804 ----a-w c:\windows\system32\drivers\SymRedir.cat
2008-10-03 13:14 1,358 ----a-w c:\windows\system32\drivers\SymRedir.inf
2008-10-01 09:35 --------- d-----w c:\program files\Norton Internet Security
2008-09-24 18:49 --------- d-----w c:\documents and settings\Propriétaire\Application Data\TortoiseSVN
2008-09-24 18:46 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Subversion
2008-09-24 18:45 --------- d-----w c:\program files\TortoiseSVN
2008-09-24 18:45 --------- d-----w c:\program files\Fichiers communs\TortoiseOverlays
2008-09-23 18:29 --------- d-----w c:\program files\MSN Messenger
2008-09-23 18:23 --------- d-----w c:\program files\Windows Live
2008-09-23 18:22 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-09-23 18:21 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-09-23 18:21 --------- d-----r c:\program files\Skype
2008-09-23 18:18 --------- d-----w c:\program files\Fichiers communs\xing shared
2008-09-23 18:18 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-23 18:17 --------- d-----w c:\program files\Fichiers communs\Real
2008-09-23 18:10 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-09-23 18:06 --------- d-----w c:\program files\Fichiers communs\Adobe AIR
2008-09-23 18:03 --------- d-----w c:\program files\Picasa2
2008-09-23 17:55 --------- d-----w c:\program files\FileZilla
2008-09-23 17:48 --------- d-----w c:\program files\filehippo.com
2008-09-23 16:21 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-23 15:13 --------- d-----w c:\program files\Fichiers communs\Bcgsoft
2008-09-23 15:10 --------- d-----w c:\program files\The Game Creators
2008-09-20 18:23 --------- d-----w c:\documents and settings\LocalService\Application Data\Xfire
2008-09-17 13:09 --------- d-----w c:\program files\VerbaPuces
2008-09-16 15:24 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Audacity
2008-09-16 15:23 --------- d-----w c:\program files\Free Audio Pack
2008-09-15 14:41 --------- d-----w c:\program files\Game Cam V2
2008-09-15 14:22 --------- d-----w c:\program files\Fraps
2008-09-14 11:26 --------- d-----w c:\program files\iTunes
2008-09-14 11:26 --------- d-----w c:\program files\iPod
2008-09-14 11:26 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-14 11:24 --------- d-----w c:\program files\Bonjour
2008-09-14 11:23 --------- d-----w c:\program files\QuickTime
2008-09-14 11:22 --------- d-----w c:\program files\Fichiers communs\Apple
2008-09-13 14:21 --------- d-----w c:\program files\RADVideo
2008-09-11 20:30 --------- d-----w c:\program files\GSC
2008-09-10 09:47 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-09-07 15:56 --------- d-----w c:\program files\Microsoft Games
2008-09-07 11:00 --------- d-----w c:\program files\Futuremark
2008-09-07 08:23 --------- d-----w c:\documents and settings\Propriétaire\Application Data\SPORE Creature Creator
2008-09-07 08:21 --------- d-----w c:\program files\Electronic Arts
2008-09-07 08:11 --------- d-----w c:\program files\UDPixel
2008-09-06 18:58 --------- d-----w c:\program files\id Software
2008-09-06 16:03 --------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA
2008-09-04 17:00 --------- d-----w c:\program files\Ubisoft
2005-06-05 11:01 284 ----a-w c:\documents and settings\Propriétaire\Application Data\ViewerApp.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlay1EXL600]
@="{BF9B13E4-FE9B-4121-853F-866F4E9E2830}"
[HKEY_CLASSES_ROOT\CLSID\{BF9B13E4-FE9B-4121-853F-866F4E9E2830}]
2007-11-13 03:08 599552 --a------ c:\windows\system32\FPAP-EXL600\FileptcIconOverlay.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-03-14 116328]
"Symantec PIF AlertEng"="c:\program files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-23 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-20 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-15 443968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" /P Belgacom
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
R1 SSHDRV82;SSHDRV82;c:\windows\system32\drivers\SSHDRV82.sys [2004-11-27 76288]
R2 PStrip;PSTRIP;c:\windows\system32\DRIVERS\PSTRIP.SYS [2007-07-15 27992]
S2 gupdate1c90f7f9a997502;Google Update Service (gupdate1c90f7f9a997502);c:\program files\Google\Update\GoogleUpdate.exe [2008-09-05 133104]
S3 AmeAtmPc;AmeAtmPc;c:\windows\system32\DRIVERS\AmeAtmPc.sys [2002-08-09 110179]
S3 AtmElan;Réseau émulant ATM;c:\windows\system32\DRIVERS\atmlane.sys [2004-08-04 55936]
S3 AtmLane;Émulation réseau ATM;c:\windows\system32\DRIVERS\atmlane.sys [2004-08-04 55936]
S3 DynDNS_Updater_Service;DynDNS Updater Service;c:\program files\DynDNS Updater\DynDNS.exe [2006-09-17 1352704]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2007-12-28 13352]
S3 IBG_gds_db;InterBase 7.5 Guardian gds_db;c:\program files\Borland\InterBase\bin\ibguard.exe [2005-05-24 36864]
S3 IBS_gds_db;InterBase 7.5 Server gds_db;c:\program files\Borland\InterBase\bin\ibserver.exe [2005-05-24 2027520]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-07-25 191656]
S3 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [2008-05-29 202016]
S3 usbscan;Pilote de scanneur USB;c:\windows\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 msvsmon80;Débogueur distant Visual Studio 2005;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]
*Newly Created Service* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contenu du dossier 'Tâches planifiées'
2008-11-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-05 18:48]
2008-11-04 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Propri []
2008-11-01 c:\windows\Tasks\Norton Internet Security - Analyse système complète - Propriétaire.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-09-06 22:38]
2008-11-04 c:\windows\Tasks\User_Feed_Synchronization-{FF26A157-827A-4C4D-8375-5C0705E8AF46}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{249AC412-EF2A-4FE3-A11F-4DC4C633E2EF} - c:\windows\system32\yaywwVMc.dll
HKLM-RunServices-RunAlert - c:\program files\MSI\PC Alert III\AService.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\hrrt1gx8.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.netvibes.com/#General
FF -: plugin - c:\documents and settings\Propriétaire\Local Settings\Application Data\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - c:\program files\BitTorrent_DNA\npbtdna.dll
FF -: plugin - c:\program files\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\ma-config.com\nphardwaredetection.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30401.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Picasa2\npPicasa2.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-04 22:16:32
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Symantec Shared\ccSvcHst.exe
c:\program files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Fichiers communs\Symantec Shared\CCPROXY.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\UTSCSI.EXE
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\windows\system32\fxssvc.exe
c:\documents and settings\Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Heure de fin: 2008-11-04 22:58:13 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-04 21:58:04
Avant-CF: 55.322.136.576 octets libres
Après-CF: 55,201,693,696 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn
330 --- E O F --- 2008-10-24 05:56:18
<gras>HIJACKTHIS</gras>
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:57, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\slserv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\program files\trend micro\HijackThis\CMM.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netvibes.com/#General
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.167.187.187:3124
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Google Bloc-notes - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--459311038.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Page à noter (Google Bloc-notes) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--459311038.dll/gn_menu1.html
O8 - Extra context menu item: À noter (Google Bloc-notes) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--459311038.dll/gn_menu2.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FreshDownload - {D079D1F0-2290-4964-8393-AAE9EEA2B651} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://public.service.citroen.com
O15 - Trusted Zone: http://service.citroen.com
O15 - Trusted Zone: http://estim.citroen.inetpsa.com
O15 - Trusted Zone: http://estim.peugeot.inetpsa.com
O15 - Trusted Zone: http://networkservice.citroen.inetpsa.com
O15 - Trusted Zone: http://public.service.citroen.inetpsa.com
O15 - Trusted Zone: http://public.servicebox.peugeot.inetpsa.com
O15 - Trusted Zone: http://service.citroen.inetpsa.com
O15 - Trusted Zone: http://servicebox.peugeot.inetpsa.com
O15 - Trusted Zone: http://spotlightdance.olympe-network.com
O15 - Trusted Zone: http://public.servicebox.peugeot.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://colruyt.fujiprint.be/Colruyt/UserControls/Part/U...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_3_0....
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.kodakimages.com/DesktopModules/SpectorAlbum/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/e...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{EAF8C09D-EA75-4173-B417-FA56077C0D04}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apache - Unknown owner - C:\PROGRA~1\EASYPH~1\Apache\apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAILI - Unknown owner - C:\WINDOWS\system32\caili.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Update Service (gupdate1c90f7f9a997502) (gupdate1c90f7f9a997502) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InterBase 7.5 Guardian gds_db (IBG_gds_db) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase 7.5 Server gds_db (IBS_gds_db) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MySQL - Unknown owner - C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Fichiers communs\Supportsoft\bin\ssrc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 15537 bytes
(Le programme a été renommé en CMM.exe pour afficher les lignes qui seraient masquée.)
Help me please :-s
J'ai attraper je ne sais comment un Trojan.Vundo détecté via Norton Internet Security. Tous les éléments sont là: Popup intempestifs, blocage du service MàJ auto de Windows,...
J'ai fais un vundofix, un combofix et un hijackthis mais sa ne résous tjs rien. Voici les logs:
<gras>VUNDOFIX</gras>
VundoFix V7.0.6
Scan started at 19:57:44 4/11/2008
Listing files found while scanning....
C:\Windows\system32\btyhkshb.dll
C:\Windows\system32\doopslup.dll
C:\Windows\system32\stplaglh.dll
Beginning removal...
Attempting to delete C:\Windows\system32\btyhkshb.dll
C:\Windows\system32\btyhkshb.dll Has been deleted!
Attempting to delete C:\Windows\system32\doopslup.dll
C:\Windows\system32\doopslup.dll Has been deleted!
Attempting to delete C:\Windows\system32\stplaglh.dll
C:\Windows\system32\stplaglh.dll Has been deleted!
Performing Repairs to the registry.
Done!
<gras>COMBOFIX</gras>
ComboFix 08-11-04.02 - Propriétaire 2008-11-04 22:07:47.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.532 [GMT 1:00]
Lancé depuis: c:\vundo\ComboFix.exe
Commutateurs utilisés :: c:\vundo\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\windows\system32\chgbucid.ini
c:\windows\system32\cMVwwyay.ini
c:\windows\system32\cMVwwyay.ini2
c:\windows\system32\dicubghc.dll
c:\windows\system32\huyagg.dll
c:\windows\system32\ibmftloe.ini
c:\windows\system32\iuqfsyha.ini
c:\windows\system32\mcqlrbku.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\mdm.exe
c:\windows\system32\MSINET.oca
c:\windows\system32\nluygcfc.dll
c:\windows\system32\uetqkbgp.ini
c:\windows\system32\uniripyc.dll
c:\windows\system32\xslshdhn.ini
c:\windows\system32\yaywwVMc.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-04 au 2008-11-04 ))))))))))))))))))))))))))))))))))))
.
2008-11-04 19:57 . 2008-11-04 20:23 <REP> d-------- C:\VundoFix Backups
2008-11-04 19:53 . 2008-11-04 21:42 <REP> d-------- C:\vundo
2008-10-31 15:26 . 2008-10-31 15:26 <REP> d-------- c:\program files\Common Files
2008-10-31 15:26 . 2003-07-21 04:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
2008-10-31 15:26 . 2005-01-04 19:43 4,682 --a------ c:\windows\system32\npptNT2.sys
2008-10-31 15:10 . 2008-10-31 15:10 <REP> d-------- c:\program files\Games-Masters.com
2008-10-30 17:32 . 2008-10-30 17:35 <REP> d-------- c:\program files\De Blob
2008-10-26 20:51 . 2008-10-26 20:51 <REP> d-------- c:\program files\Uniblue
2008-10-26 20:41 . 2008-10-26 20:41 <REP> d-------- c:\program files\Trend Micro
2008-10-25 14:07 . 2008-10-25 14:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Acronis
2008-10-25 14:07 . 2008-10-25 14:07 971,232 --a------ c:\windows\system32\drivers\tdrpm147.sys
2008-10-25 14:07 . 2008-10-25 14:07 540,000 --a------ c:\windows\system32\drivers\timntr.sys
2008-10-25 14:07 . 2008-10-25 14:07 44,704 --a------ c:\windows\system32\drivers\tifsfilt.sys
2008-10-25 14:05 . 2008-10-25 14:37 <REP> d-------- c:\program files\Fichiers communs\Acronis
2008-10-25 13:22 . 2008-10-25 13:22 <REP> d-------- C:\TYPSoft FTP Server
2008-10-22 19:10 . 2008-10-22 19:10 <REP> d-------- c:\program files\SoftChris
2008-10-20 15:41 . 2008-10-20 15:47 <REP> d-------- c:\program files\Wolfenstein - Enemy Territory
2008-10-19 17:12 . 2008-10-19 17:12 <REP> d-------- c:\documents and settings\NetworkService\Application Data\Xfire
2008-10-18 10:31 . 2008-10-18 10:30 687,120 --a------ c:\windows\unins000.exe
2008-10-18 10:31 . 2008-10-18 10:31 770 --a------ c:\windows\unins000.dat
2008-10-09 01:47 . 2008-10-09 01:47 42,320 --a------ c:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-04 20:47 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-11-04 20:45 --------- d-----w c:\program files\lynx
2008-11-04 20:24 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-10-25 14:21 --------- d-----w c:\documents and settings\Propriétaire\Application Data\BitTorrent
2008-10-25 12:59 --------- d-----w c:\program files\eMule
2008-10-25 08:04 --------- d-----w c:\documents and settings\Propriétaire\Application Data\tunebite
2008-10-22 09:27 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-21 19:00 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Xfire
2008-10-21 05:53 --------- d-----w c:\program files\Google
2008-10-19 16:47 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Skype
2008-10-19 14:49 137,480 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-19 14:33 --------- d-----w c:\documents and settings\Propriétaire\Application Data\GSC
2008-10-19 13:41 --------- d-----w c:\program files\Xfire
2008-10-17 18:44 --------- d-----w c:\documents and settings\Propriétaire\Application Data\XnView
2008-10-15 06:59 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-10 16:59 --------- d-----w c:\documents and settings\Propriétaire\Application Data\FileZilla
2008-10-03 13:14 39,984 ----a-w c:\windows\system32\drivers\symids.sys
2008-10-03 13:14 37,936 ----a-w c:\windows\system32\drivers\symndisv.sys
2008-10-03 13:14 35,120 ----a-w c:\windows\system32\drivers\symndis.sys
2008-10-03 13:14 27,696 ----a-w c:\windows\system32\drivers\symredrv.sys
2008-10-03 13:14 187,952 ----a-w c:\windows\system32\drivers\symtdi.sys
2008-10-03 13:14 146,096 ----a-w c:\windows\system32\drivers\symfw.sys
2008-10-03 13:14 12,848 ----a-w c:\windows\system32\drivers\symdns.sys
2008-10-03 13:14 10,804 ----a-w c:\windows\system32\drivers\SymRedir.cat
2008-10-03 13:14 1,358 ----a-w c:\windows\system32\drivers\SymRedir.inf
2008-10-01 09:35 --------- d-----w c:\program files\Norton Internet Security
2008-09-24 18:49 --------- d-----w c:\documents and settings\Propriétaire\Application Data\TortoiseSVN
2008-09-24 18:46 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Subversion
2008-09-24 18:45 --------- d-----w c:\program files\TortoiseSVN
2008-09-24 18:45 --------- d-----w c:\program files\Fichiers communs\TortoiseOverlays
2008-09-23 18:29 --------- d-----w c:\program files\MSN Messenger
2008-09-23 18:23 --------- d-----w c:\program files\Windows Live
2008-09-23 18:22 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-09-23 18:21 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-09-23 18:21 --------- d-----r c:\program files\Skype
2008-09-23 18:18 --------- d-----w c:\program files\Fichiers communs\xing shared
2008-09-23 18:18 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-23 18:17 --------- d-----w c:\program files\Fichiers communs\Real
2008-09-23 18:10 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-09-23 18:06 --------- d-----w c:\program files\Fichiers communs\Adobe AIR
2008-09-23 18:03 --------- d-----w c:\program files\Picasa2
2008-09-23 17:55 --------- d-----w c:\program files\FileZilla
2008-09-23 17:48 --------- d-----w c:\program files\filehippo.com
2008-09-23 16:21 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-23 15:13 --------- d-----w c:\program files\Fichiers communs\Bcgsoft
2008-09-23 15:10 --------- d-----w c:\program files\The Game Creators
2008-09-20 18:23 --------- d-----w c:\documents and settings\LocalService\Application Data\Xfire
2008-09-17 13:09 --------- d-----w c:\program files\VerbaPuces
2008-09-16 15:24 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Audacity
2008-09-16 15:23 --------- d-----w c:\program files\Free Audio Pack
2008-09-15 14:41 --------- d-----w c:\program files\Game Cam V2
2008-09-15 14:22 --------- d-----w c:\program files\Fraps
2008-09-14 11:26 --------- d-----w c:\program files\iTunes
2008-09-14 11:26 --------- d-----w c:\program files\iPod
2008-09-14 11:26 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-14 11:24 --------- d-----w c:\program files\Bonjour
2008-09-14 11:23 --------- d-----w c:\program files\QuickTime
2008-09-14 11:22 --------- d-----w c:\program files\Fichiers communs\Apple
2008-09-13 14:21 --------- d-----w c:\program files\RADVideo
2008-09-11 20:30 --------- d-----w c:\program files\GSC
2008-09-10 09:47 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-09-07 15:56 --------- d-----w c:\program files\Microsoft Games
2008-09-07 11:00 --------- d-----w c:\program files\Futuremark
2008-09-07 08:23 --------- d-----w c:\documents and settings\Propriétaire\Application Data\SPORE Creature Creator
2008-09-07 08:21 --------- d-----w c:\program files\Electronic Arts
2008-09-07 08:11 --------- d-----w c:\program files\UDPixel
2008-09-06 18:58 --------- d-----w c:\program files\id Software
2008-09-06 16:03 --------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA
2008-09-04 17:00 --------- d-----w c:\program files\Ubisoft
2005-06-05 11:01 284 ----a-w c:\documents and settings\Propriétaire\Application Data\ViewerApp.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlay1EXL600]
@="{BF9B13E4-FE9B-4121-853F-866F4E9E2830}"
[HKEY_CLASSES_ROOT\CLSID\{BF9B13E4-FE9B-4121-853F-866F4E9E2830}]
2007-11-13 03:08 599552 --a------ c:\windows\system32\FPAP-EXL600\FileptcIconOverlay.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-03-14 116328]
"Symantec PIF AlertEng"="c:\program files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-23 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-20 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-15 443968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" /P Belgacom
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
R1 SSHDRV82;SSHDRV82;c:\windows\system32\drivers\SSHDRV82.sys [2004-11-27 76288]
R2 PStrip;PSTRIP;c:\windows\system32\DRIVERS\PSTRIP.SYS [2007-07-15 27992]
S2 gupdate1c90f7f9a997502;Google Update Service (gupdate1c90f7f9a997502);c:\program files\Google\Update\GoogleUpdate.exe [2008-09-05 133104]
S3 AmeAtmPc;AmeAtmPc;c:\windows\system32\DRIVERS\AmeAtmPc.sys [2002-08-09 110179]
S3 AtmElan;Réseau émulant ATM;c:\windows\system32\DRIVERS\atmlane.sys [2004-08-04 55936]
S3 AtmLane;Émulation réseau ATM;c:\windows\system32\DRIVERS\atmlane.sys [2004-08-04 55936]
S3 DynDNS_Updater_Service;DynDNS Updater Service;c:\program files\DynDNS Updater\DynDNS.exe [2006-09-17 1352704]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2007-12-28 13352]
S3 IBG_gds_db;InterBase 7.5 Guardian gds_db;c:\program files\Borland\InterBase\bin\ibguard.exe [2005-05-24 36864]
S3 IBS_gds_db;InterBase 7.5 Server gds_db;c:\program files\Borland\InterBase\bin\ibserver.exe [2005-05-24 2027520]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-07-25 191656]
S3 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [2008-05-29 202016]
S3 usbscan;Pilote de scanneur USB;c:\windows\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 msvsmon80;Débogueur distant Visual Studio 2005;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]
*Newly Created Service* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contenu du dossier 'Tâches planifiées'
2008-11-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-05 18:48]
2008-11-04 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Propri []
2008-11-01 c:\windows\Tasks\Norton Internet Security - Analyse système complète - Propriétaire.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-09-06 22:38]
2008-11-04 c:\windows\Tasks\User_Feed_Synchronization-{FF26A157-827A-4C4D-8375-5C0705E8AF46}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{249AC412-EF2A-4FE3-A11F-4DC4C633E2EF} - c:\windows\system32\yaywwVMc.dll
HKLM-RunServices-RunAlert - c:\program files\MSI\PC Alert III\AService.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\hrrt1gx8.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.netvibes.com/#General
FF -: plugin - c:\documents and settings\Propriétaire\Local Settings\Application Data\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - c:\program files\BitTorrent_DNA\npbtdna.dll
FF -: plugin - c:\program files\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\ma-config.com\nphardwaredetection.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30401.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Picasa2\npPicasa2.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-04 22:16:32
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Symantec Shared\ccSvcHst.exe
c:\program files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Fichiers communs\Symantec Shared\CCPROXY.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\UTSCSI.EXE
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\windows\system32\fxssvc.exe
c:\documents and settings\Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Heure de fin: 2008-11-04 22:58:13 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-04 21:58:04
Avant-CF: 55.322.136.576 octets libres
Après-CF: 55,201,693,696 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn
330 --- E O F --- 2008-10-24 05:56:18
<gras>HIJACKTHIS</gras>
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:57, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\slserv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\program files\trend micro\HijackThis\CMM.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netvibes.com/#General
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.167.187.187:3124
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Google Bloc-notes - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--459311038.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Page à noter (Google Bloc-notes) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--459311038.dll/gn_menu1.html
O8 - Extra context menu item: À noter (Google Bloc-notes) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--459311038.dll/gn_menu2.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FreshDownload - {D079D1F0-2290-4964-8393-AAE9EEA2B651} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://public.service.citroen.com
O15 - Trusted Zone: http://service.citroen.com
O15 - Trusted Zone: http://estim.citroen.inetpsa.com
O15 - Trusted Zone: http://estim.peugeot.inetpsa.com
O15 - Trusted Zone: http://networkservice.citroen.inetpsa.com
O15 - Trusted Zone: http://public.service.citroen.inetpsa.com
O15 - Trusted Zone: http://public.servicebox.peugeot.inetpsa.com
O15 - Trusted Zone: http://service.citroen.inetpsa.com
O15 - Trusted Zone: http://servicebox.peugeot.inetpsa.com
O15 - Trusted Zone: http://spotlightdance.olympe-network.com
O15 - Trusted Zone: http://public.servicebox.peugeot.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://colruyt.fujiprint.be/Colruyt/UserControls/Part/U...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_3_0....
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.kodakimages.com/DesktopModules/SpectorAlbum/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/e...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{EAF8C09D-EA75-4173-B417-FA56077C0D04}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apache - Unknown owner - C:\PROGRA~1\EASYPH~1\Apache\apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAILI - Unknown owner - C:\WINDOWS\system32\caili.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Update Service (gupdate1c90f7f9a997502) (gupdate1c90f7f9a997502) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InterBase 7.5 Guardian gds_db (IBG_gds_db) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase 7.5 Server gds_db (IBS_gds_db) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MySQL - Unknown owner - C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Fichiers communs\Supportsoft\bin\ssrc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 15537 bytes
(Le programme a été renommé en CMM.exe pour afficher les lignes qui seraient masquée.)
Help me please :-s
Autres pages sur : trojan vundo
Lassé par la pub ? Créez un compte
Bonjour,
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
Afin de lancer la recherche, clic sur"Rechercher".
Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumMalwarebytes a trouve un trojan vundo
- ForumVirus trojan vundo, comment reparer
- ForumComment se debarrasser de trojan vundo
- ForumTrojan vundo
- ForumInfecte par trojan vundo gen.2
- ForumSupprimer trojan vundo vds
- ForumTrojan vundo gen 4
- ForumTrojan vundo h
- ForumVirus trojan vundo
- ForumInfecte par trojan vundo et autres
- Voir plus
