Bibif

Membres

Afficher le profil Afficher son activité

Compteur de contenus
65
Inscription
le 16 novembre 2006
Dernière visite
le 16 janvier 2023

Type de contenu

Toute l’activité

Profils

Forums

Blogs

Tout ce qui a été posté par Bibif

Trojan.Vundo ?

Bibif a répondu à un(e) sujet de Bibif dans Analyses et éradication malwares

On joue à cache cache en effet... La manip ne marche pas: 1/ le fichier est introuvable (il a déjà été mis en quarantaine par Combofix) 2/ Hijackthis ne "fixe" pas les lignes O20 et O23 C'est grave docteur, n'est ce pas? Bibif Voici les rapports OTmoveit et HTJ File/Folder c:\windows\system32\xxyvVpMD.dll not found. OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06232008_165736 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:02:35, on 23/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\UAService.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\WINDOWS\Explorer.EXE C:\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Apps\Powercinema\PCMService.exe C:\apps\ABoard\ABoard.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\apps\ABoard\AOSD.exe C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe D:\Utilitaires PC\HijackThis\hijackthis202.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ? O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar4.dll/cmwordtrans.html O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar4.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar4.dll/cmsimilar.html O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003 O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar4.dll/cmsearch.html O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002 O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000 O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001 O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar4.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O15 - Trusted Zone: http://toolbar.imageshack.us O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165769445515 O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/...rg/ESTPTest.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activ...nfosFinder2.CAB O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - Winlogon Notify: xxyvVpMD - xxyvVpMD.dll (file missing) O23 - Service: .nen394cl - - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe -- End of file - 14216 bytes Voici le rapport Hijachthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:02:35, on 23/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\UAService.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\WINDOWS\Explorer.EXE C:\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Apps\Powercinema\PCMService.exe C:\apps\ABoard\ABoard.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\apps\ABoard\AOSD.exe C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe D:\Utilitaires PC\HijackThis\hijackthis202.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ? O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar4.dll/cmwordtrans.html O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar4.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar4.dll/cmsimilar.html O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003 O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar4.dll/cmsearch.html O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002 O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000 O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001 O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar4.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O15 - Trusted Zone: http://toolbar.imageshack.us O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165769445515 O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/...rg/ESTPTest.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activ...nfosFinder2.CAB O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - Winlogon Notify: xxyvVpMD - xxyvVpMD.dll (file missing) O23 - Service: .nen394cl - - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe -- End of file - 14216 bytes
- le 23 juin 2008
- 25 réponses
Trojan.Vundo ?

Bibif a répondu à un(e) sujet de Bibif dans Analyses et éradication malwares

Le voici, (j'ai redémarré l'ordinateur d'abord) Bibif Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:03:42, on 22/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\UAService.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\WINDOWS\Explorer.EXE C:\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Apps\Powercinema\PCMService.exe C:\apps\ABoard\ABoard.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\apps\ABoard\AOSD.exe C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe D:\Utilitaires PC\HijackThis\hijackthis202.exe C:\WINDOWS\system32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ? O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar4.dll/cmwordtrans.html O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar4.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar4.dll/cmsimilar.html O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003 O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar4.dll/cmsearch.html O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002 O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000 O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001 O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar4.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O15 - Trusted Zone: http://toolbar.imageshack.us O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165769445515 O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/...rg/ESTPTest.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activ...nfosFinder2.CAB O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - Winlogon Notify: xxyvVpMD - xxyvVpMD.dll (file missing) O23 - Service: .nen394cl - - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe -- End of file - 14197 bytes
- le 22 juin 2008
- 25 réponses
Trojan.Vundo ?

Bibif a répondu à un(e) sujet de Bibif dans Analyses et éradication malwares

Merci Pear, 1/ La ligne O2 n'existe pas (ou plus) Les lignes O20 et O23 ont été cochées et "fixées" 2/ Les Lignes ont été rajoutées au registre correctement 3/ Le fichier c:\windows\system32\iyrvcfnm.dll n'existe pas, donc je n'ai pas pu le supprimer (Mis en quarantaine par Combofix). Avec OTmoveit, c'est pareil: File/Folder c:\windows\system32\iyrvcfnm.dll not found. OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06222008_205949 Que dois-je faire maintenant? Merci, Bibif
- le 22 juin 2008
- 25 réponses
Trojan.Vundo ?

Bibif a répondu à un(e) sujet de Bibif dans Analyses et éradication malwares

J'avais repéré la commande combofix /v. Je l'ai donc exécutée (avec l'option /v) mais rien ne change dans la ligne O20 de Hijack: O20 - Winlogon Notify: xxyvVpMD - xxyvVpMD.dll (file missing) La solution n'est-elle pas de simplement cocher cette ligne dans Hijackthis, et de "réparer" ? Merci quand même, Bibif
- le 22 juin 2008
- 25 réponses
Trojan.Vundo ?

Bibif a répondu à un(e) sujet de Bibif dans Analyses et éradication malwares

Merci pour ces informations, mais je suis un peu confus... En recherchant vundofix.exe, je sui tombé sur un article expliquant les diffférences entre vundofix.exe et virtumondebegone (Supprimer le trojan Vundo/Virtumonde). Ce qui ne me dit pas si je dois utiliser un outil, l'autre, ou les deux... Merci de votre aide, Bibif
- le 22 juin 2008
- 25 réponses
Trojan.Vundo ?

Bibif a répondu à un(e) sujet de Bibif dans Analyses et éradication malwares

Merci Gal, Voici le rapport combofix, suivi d'un reboot et d'un hijack Bibif 1 COMBOFIX ComboFix 08-06-20.4 - Dov 2008-06-22 0:02:33.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.525 [GMT 2:00] Endroit: D:\Documents and Settings\Dov\Bureau\ComboFix.exe * Resident AV is active . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\iyrvcfnm.dll D:\Documents and Settings\Laurence\g2mdlhlpx.exe D:\Documents and Settings\Propriétaire\g2mdlhlpx.exe . ((((((((((((((((((((((((((((( Fichiers créés 2008-05-21 to 2008-06-21 )))))))))))))))))))))))))))))))))))) . 2008-06-21 16:33 . 2008-06-21 17:21 <REP> d-------- C:\Q3Ademo 2008-06-21 00:02 . 2008-06-21 00:02 <REP> d--hs---- D:\Documents and Settings\NetworkService.AUTORITE NT.008 2008-06-21 00:02 . 2008-06-21 00:02 <REP> d--hs---- D:\Documents and Settings\LocalService.AUTORITE NT.008 2008-06-19 17:33 . 2008-06-20 23:59 <REP> d---s---- D:\Documents and Settings\NetworkService.AUTORITE NT.007 2008-06-19 17:33 . 2008-06-20 23:59 <REP> d---s---- D:\Documents and Settings\LocalService.AUTORITE NT.007 2008-06-19 17:14 . 2008-06-20 23:59 <REP> d---s---- D:\Documents and Settings\NetworkService.AUTORITE NT.006 2008-06-19 17:14 . 2008-06-20 23:59 <REP> d---s---- D:\Documents and Settings\LocalService.AUTORITE NT.006 2008-06-18 22:55 . 2008-06-18 22:55 <REP> d-------- D:\Documents and Settings\Laurence\Application Data\Malwarebytes 2008-06-15 18:53 . 2008-06-21 00:00 <REP> d-------- D:\Documents and Settings\All Users\Application Data\ma-config.com 2008-06-15 18:53 . 2008-06-20 23:58 <REP> d-------- C:\Program Files\ma-config.com 2008-06-11 18:28 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-11 18:28 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-09 16:48 . 2008-06-09 16:48 <REP> d-------- D:\Documents and Settings\InvitÚ 2008-06-06 16:51 . 2008-06-06 16:51 <REP> d-------- D:\Documents and Settings\Dov\Application Data\Malwarebytes 2008-06-06 16:51 . 2008-06-06 16:51 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-06-06 16:51 . 2008-06-21 18:22 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-06-06 16:51 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-06-06 16:51 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-05-23 19:58 . 2008-06-14 19:32 <REP> d-------- D:\Documents and Settings\All Users\Application Data\TrackMania 2008-05-23 19:51 . 2008-05-23 19:53 <REP> d-------- C:\Program Files\TmNationsForever . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-21 22:03 81,984 ----a-w C:\WINDOWS\system32\bdod.bin 2008-06-17 19:27 --------- d-----w D:\Documents and Settings\Propriétaire\Application Data\LimeWire 2008-06-17 19:27 --------- d-----w D:\Documents and Settings\Propriétaire\Application Data\LimeWire 2008-06-01 14:48 --------- d-----w D:\Documents and Settings\Propriétaire\Application Data\OpenOffice.org2 2008-06-01 14:48 --------- d-----w D:\Documents and Settings\Propriétaire\Application Data\OpenOffice.org2 2008-05-31 12:25 --------- d-----w C:\Program Files\LimeWire 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys 2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2008-04-17 10:52 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll 2006-10-25 13:17 720,896 ----a-w D:\Documents and Settings\Propriétaire\EAInstall.dll 2006-09-01 10:13 5,834,270 ----a-w C:\Program Files\BitTorrent-Stable.exe 2006-08-11 09:44 2,585,264 ----a-w C:\Program Files\Shockwave_Installer_Slim.exe 2006-08-09 13:32 10 ----a-w C:\Program Files\MSPAC.DAT 2006-06-22 09:41 5,032 ----a-r C:\WINDOWS\inf\SET40.tmp 2006-06-11 16:23 42,735 ----a-w C:\Program Files\GRAW_PC_demo_JeuxVideo.com_12099.zip.torrent 2006-06-11 16:22 1,146 ----a-w C:\Program Files\gtaects_JeuxVideo.com_5562.zip.torrent 2006-06-02 16:28 10,738,088 ----a-w C:\Program Files\SkypeSetup-Beta.exe 2006-04-30 11:45 9,396,336 ----a-w C:\Program Files\SkypeSetup.exe 2006-03-27 11:00 5,019 ----a-w C:\WINDOWS\inf\SETEB.tmp 2006-03-27 11:00 5,019 ----a-w C:\WINDOWS\inf\SETB4.tmp 2006-03-27 11:00 5,019 ----a-w C:\WINDOWS\inf\SET6A.tmp 2006-03-27 11:00 5,019 ----a-w C:\WINDOWS\inf\SET38.tmp 2006-03-27 11:00 5,019 ----a-w C:\WINDOWS\inf\SET132.tmp 2006-01-21 14:57 9,441,744 ----a-w C:\Program Files\MsnSearchToolbarSetup_fr-fr.exe 2003-06-20 02:05 49,776 ----a-w C:\WINDOWS\inf\usbhub20.sys 2003-06-20 02:05 24,752 ----a-w C:\WINDOWS\inf\hidclass.sys 2003-06-20 02:05 20,688 ----a-w C:\WINDOWS\inf\usbd.sys 2003-06-20 02:05 19,728 ----a-w C:\WINDOWS\inf\usbehci.sys 2003-06-20 02:05 138,288 ----a-w C:\WINDOWS\inf\usbport.sys 2002-12-19 17:59 480 ----a-w C:\Program Files\setup.bin 2002-12-19 17:59 375,779 ----a-w C:\Program Files\pong3dt2.dat 1997-12-13 20:52 9,557 ----a-w C:\Program Files\MSPAC.DOC 1997-12-13 20:52 5,680 ----a-w C:\Program Files\MSP-V102.TXT 1997-01-03 20:15 218,542 ----a-w C:\Program Files\MSPAC.EXE 1996-02-15 19:43 6,396 ----a-w C:\Program Files\BACKGND 1996-02-15 19:20 138,878 ----a-w C:\Program Files\M1 1996-02-15 19:04 94,740 ----a-w C:\Program Files\POWERUP 1996-02-15 18:17 35,010 ----a-w C:\Program Files\EXLIFE 1995-11-14 17:32 82,958 ----a-w C:\Program Files\M3 1995-11-14 17:16 2,456 ----a-w C:\Program Files\FRTB 1995-11-14 17:14 11,738 ----a-w C:\Program Files\EATFR 1995-11-14 16:58 354,578 ----a-w C:\Program Files\M2 1995-11-14 15:42 21,320 ----a-w C:\Program Files\PACDIE 1995-11-14 15:22 2,024 ----a-w C:\Program Files\EATDOT 1995-11-13 16:26 68,226 ----a-w C:\Program Files\TITLE 1995-11-09 18:38 14,234 ----a-w C:\Program Files\POWUP2 1995-11-05 12:45 9,046 ----a-w C:\Program Files\EATGH 2007-02-15 16:03 44,624 ----a-w C:\Program Files\mozilla firefox\plugins\atgpcdec.dll 2007-02-15 16:03 108,192 ----a-w C:\Program Files\mozilla firefox\plugins\atgpcext.dll 2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 11:47 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll 2007-04-21 08:42 8,361,504 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2007-04-21 08:42 241,952 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat . ((((((((((((((((((((((((((((( snapshot@2008-06-09_16.48.21.39 ))))))))))))))))))))))))))))))))))))))))) . + 2008-04-21 06:57:16 1,024,512 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\browseui.dll + 2008-04-21 06:57:16 152,064 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\cdfview.dll + 2008-04-21 06:57:17 1,056,768 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\danim.dll + 2008-04-21 06:57:17 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtmsft.dll + 2008-04-21 06:57:18 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtrans.dll + 2008-04-21 06:57:18 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\extmgr.dll + 2008-04-17 10:46:59 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iedw.exe + 2008-04-21 06:57:18 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iepeers.dll + 2008-04-21 06:57:18 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\inseng.dll + 2008-04-21 06:57:18 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\jsproxy.dll + 2008-04-21 06:57:22 3,087,872 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtml.dll + 2008-04-21 06:57:22 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtmled.dll + 2008-04-21 06:57:23 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\msrating.dll + 2008-04-21 06:57:23 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mstime.dll + 2008-04-21 06:57:23 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\pngfilt.dll + 2008-04-21 06:57:25 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shdocvw.dll + 2008-04-21 06:57:26 474,624 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shlwapi.dll + 2008-04-17 11:03:45 370,176 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\spru040c.dll + 2008-04-21 06:57:26 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\urlmon.dll + 2008-04-21 06:57:27 670,720 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll + 2008-04-21 06:43:36 3,087,872 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\mshtml.dll + 2008-04-21 06:43:36 670,208 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll + 2008-04-21 06:30:24 3,088,384 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\mshtml.dll + 2008-04-21 06:30:24 670,720 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll + 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spmsg.dll + 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spuninst.exe + 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\spcustom.dll + 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\update.exe + 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\updspapi.dll + 2008-05-07 04:55:47 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll + 2008-05-07 05:11:24 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll + 2008-05-07 05:04:59 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll + 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll + 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe + 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll + 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe + 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll - 2008-06-09 14:27:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-21 16:20:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-14 17:59:52 272,768 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys + 2006-10-27 14:26:40 16,870,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002159FA00C0400000000000F01FEC\12.0.4518\MSO.DLL - 2008-05-17 20:57:22 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe + 2008-06-15 16:44:13 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe - 2008-05-17 20:57:22 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2008-06-15 16:44:13 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2008-05-17 20:57:23 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe + 2008-06-15 16:44:14 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe - 2008-05-17 20:57:22 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2008-06-15 16:44:13 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe - 2008-05-17 20:57:23 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2008-06-15 16:44:14 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2008-05-17 20:57:23 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2008-06-15 16:44:14 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2008-05-17 20:57:23 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2008-06-15 16:44:14 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe - 2008-05-17 20:57:23 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2008-06-15 16:44:14 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2008-05-17 20:57:22 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe + 2008-06-15 16:44:13 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2008-05-17 20:57:22 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe + 2008-06-15 16:44:13 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe - 2008-05-17 20:57:23 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe + 2008-06-15 16:44:14 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2008-05-17 20:57:22 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2008-06-15 16:44:13 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2008-05-17 20:57:22 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2008-06-15 16:44:13 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2008-02-20 10:39:08 49,936 ----a-r C:\WINDOWS\Installer\{95120000-00AF-040C-0000-0000000FF1CE}\ppvwicon.exe + 2008-06-15 16:43:40 49,936 ----a-r C:\WINDOWS\Installer\{95120000-00AF-040C-0000-0000000FF1CE}\ppvwicon.exe - 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe + 2000-08-31 06:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe - 2008-02-16 09:02:34 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll + 2008-04-21 07:02:27 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll - 2008-02-16 09:02:34 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll + 2008-04-21 07:02:27 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll - 2008-02-16 09:02:34 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll + 2008-04-21 07:02:28 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll - 2008-02-16 09:02:34 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll + 2008-04-21 07:02:27 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll - 2008-02-16 09:02:34 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll + 2008-04-21 07:02:27 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll - 2008-02-16 09:02:34 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll + 2008-04-21 07:02:28 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll - 2008-02-16 09:02:34 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll + 2008-04-21 07:02:28 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll - 2008-02-16 09:02:35 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll + 2008-04-21 07:02:28 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll - 2008-02-16 09:02:35 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll + 2008-04-21 07:02:28 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll - 2008-02-16 09:02:35 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll + 2008-04-21 07:02:29 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll - 2008-02-16 09:02:35 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll + 2008-04-21 07:02:29 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll - 2008-02-16 09:02:35 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2008-04-21 07:02:29 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll - 2008-02-16 22:32:38 3,080,704 ------w C:\WINDOWS\system32\dllcache\mshtml.dll + 2008-04-21 07:02:34 3,080,704 ------w C:\WINDOWS\system32\dllcache\mshtml.dll - 2008-02-16 09:02:36 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll + 2008-04-21 07:02:34 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll - 2008-02-16 09:02:37 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll + 2008-04-21 07:02:34 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll - 2008-02-16 09:02:37 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll + 2008-04-21 07:02:35 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll - 2008-02-16 09:02:37 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll + 2008-04-21 07:02:35 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll - 2008-02-16 09:02:38 1,495,040 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll + 2008-04-21 07:02:37 1,495,040 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll - 2008-02-16 09:02:38 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll + 2008-04-21 07:02:38 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll - 2008-02-16 09:02:39 617,984 ------w C:\WINDOWS\system32\dllcache\urlmon.dll + 2008-04-21 07:02:39 617,984 ------w C:\WINDOWS\system32\dllcache\urlmon.dll - 2008-02-16 09:02:39 663,552 ------w C:\WINDOWS\system32\dllcache\wininet.dll + 2008-04-21 07:02:40 663,552 ------w C:\WINDOWS\system32\dllcache\wininet.dll - 2008-02-16 09:02:34 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll + 2008-04-21 07:02:28 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll - 2008-02-16 09:02:35 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll + 2008-04-21 07:02:28 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll - 2008-02-16 09:02:35 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll + 2008-04-21 07:02:28 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll - 2008-02-16 09:02:35 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll + 2008-04-21 07:02:29 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll - 2008-02-16 09:02:35 96,768 ----a-w C:\WINDOWS\system32\inseng.dll + 2008-04-21 07:02:29 96,768 ----a-w C:\WINDOWS\system32\inseng.dll - 2008-02-16 09:02:35 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll + 2008-04-21 07:02:29 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll - 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe + 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe - 2008-02-16 22:32:38 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll + 2008-04-21 07:02:34 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll - 2008-02-16 09:02:36 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll + 2008-04-21 07:02:34 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll - 2008-02-16 09:02:37 146,432 ----a-w C:\WINDOWS\system32\msrating.dll + 2008-04-21 07:02:34 146,432 ----a-w C:\WINDOWS\system32\msrating.dll - 2008-02-16 09:02:37 532,480 ----a-w C:\WINDOWS\system32\mstime.dll + 2008-04-21 07:02:35 532,480 ----a-w C:\WINDOWS\system32\mstime.dll - 2008-02-16 09:02:37 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll + 2008-04-21 07:02:35 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll - 2008-03-06 20:51:47 11,141,712 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat + 2008-06-20 22:01:01 5,101,648 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat - 2008-02-16 09:02:38 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll + 2008-04-21 07:02:37 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll - 2008-02-16 09:02:38 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll + 2008-04-21 07:02:38 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll - 2008-02-16 09:02:39 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll + 2008-04-21 07:02:39 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll - 2008-02-16 09:02:39 663,552 ----a-w C:\WINDOWS\system32\wininet.dll + 2008-04-21 07:02:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll - 2008-02-15 23:03:14 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll + 2008-04-17 11:03:45 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 21:05 339968] "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118] "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-14 18:55 29744] "Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 11:43 90112] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328] "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-06-11 18:06 290816] "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] D:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-21 19:11:52 113664] Lancement rapide d'Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2007-04-26 16:44:21 25214] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyvVpMD] xxyvVpMD.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm "msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm "msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm "MSACM.MI-SC4"= MI-SC4.acm "vidc.yv12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\APPS\\Inventime\\my.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "D:\\Documents and Settings\\Noam8\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "C:\\totalcmd\\TOTALCMD.EXE"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 13:32] R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 12:51] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\wg11tnd5.sys [2004-10-15 11:41] S3 ATHFMWDL;NETGEAR WG111T bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2004-10-14 19:24] S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 13:10] S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-14 18:55] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58] *Newly Created Service* - CATCHME . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-12-16 12:14:30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-22 00:06:53 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-06-22 0:07:53 ComboFix-quarantined-files.txt 2008-06-21 22:07:48 Pre-Run: 111,326,670,848 octets libres Post-Run: 111,310,897,152 octets libres 336 --- E O F --- 2008-06-20 23:04:21 2/ HIJACKTHIS Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:16:54, on 22/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\UAService.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Apps\Powercinema\PCMService.exe C:\apps\ABoard\ABoard.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe C:\apps\ABoard\AOSD.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\LVComsX.exe D:\Utilitaires PC\HijackThis\hijackthis202.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ? O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar4.dll/cmwordtrans.html O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar4.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar4.dll/cmsimilar.html O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003 O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar4.dll/cmsearch.html O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002 O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000 O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001 O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar4.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O15 - Trusted Zone: http://toolbar.imageshack.us O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165769445515 O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/...rg/ESTPTest.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activ...nfosFinder2.CAB O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - Winlogon Notify: xxyvVpMD - xxyvVpMD.dll (file missing) O23 - Service: .nen394cl - - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe -- End of file - 14230 bytes
- le 21 juin 2008
- 25 réponses
Trojan.Vundo ?

Bibif a posté un sujet dans Analyses et éradication malwares

Bonsoir, Je n'arrive pas à me débarasser de Trojan.Vundo... Après deux semaines de répit (et un Combofix), ce Trojan.Vundo réapparaît (je ne sais pas si c'est le même ou son cousin...) Ci joints: - un rapport Malwarebytes - un rapport hijack Est-ce que ça relève d'un Combofix? Vos lumières sont les bienvenues... Merci d'avance, Bibif 1/rapport Malwarebytes Malwarebytes' Anti-Malware 1.18 Version de la base de données: 875 20:31:23 21/06/2008 mbam-log-6-21-2008 (20-31-23).txt Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 318235 Temps écoulé: 1 hour(s), 33 minute(s), 58 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\qoMfdDwx.dll (Trojan.Vundo) -> Quarantined and deleted successfully. 2/ Rapport Hijack Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:36:45, on 21/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\UAService.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\WINDOWS\Explorer.EXE C:\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\System32\svchost.exe C:\Apps\Powercinema\PCMService.exe C:\apps\ABoard\ABoard.exe C:\apps\ABoard\AOSD.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\winlogon.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\WINDOWS\system32\LVComsX.exe D:\Utilitaires PC\HijackThis\hijackthis202.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: {2d736349-19e2-0cf8-7ab4-92bfc702ba7b} - {b7ab207c-fb29-4ba7-8fc0-2e91943637d2} - C:\WINDOWS\system32\iyrvcfnm.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-21-925967871-2353556621-442134179-1010\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'Laurence') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ? O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar4.dll/cmwordtrans.html O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar4.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar4.dll/cmsimilar.html O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003 O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar4.dll/cmsearch.html O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002 O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000 O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001 O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar4.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O15 - Trusted Zone: http://toolbar.imageshack.us O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165769445515 O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/...rg/ESTPTest.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activ...nfosFinder2.CAB O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - Winlogon Notify: xxyvVpMD - xxyvVpMD.dll (file missing) O23 - Service: .nen394cl - - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe -- End of file - 14475 bytes
- le 21 juin 2008
- 25 réponses
Trojan.Vundo.ERH bloqué (?) par Bitdefender

Bibif a répondu à un(e) sujet de Bibif dans Analyses et éradication malwares

Bonjour Pear, Conbofix installé et exécuté. La doc (qui date de 2005) ne semble plus correspondre à ce que j'ai chargé: je pense notamment à la procédure concernant la console de récupération: combofix ne m'a pas demandé de choisir ma version XP, et je n'ai pas eu le loisir de faire glisser quoi que ce soit sur l'icone de combofix. J'imagine que depuis 2005, cette procédure est automatique... En attendant, voici le rapport de combofix. Thanks a lot... RAPPORT COMBOFIX ComboFix 08-06-06.6 - Dov 2008-06-09 16:16:53.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.541 [GMT 2:00] Endroit: D:\Documents and Settings\Dov\Bureau\ComboFix.exe * Création d'un nouveau point de restauration * Resident AV is active . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\BM8ba6231f.xml C:\WINDOWS\pack.epk C:\WINDOWS\pskt.ini C:\WINDOWS\system32\dsxpqrps.dll C:\WINDOWS\system32\elnnhdqf.dll C:\WINDOWS\system32\gaorprwi.ini C:\WINDOWS\system32\mhfqmdfx.dll C:\WINDOWS\system32\rwfuwnqc.dll C:\WINDOWS\system32\xwDdfMoq.ini C:\WINDOWS\system32\xwDdfMoq.ini2 C:\WINDOWS\system32\xxyvVpMD.dll . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))))))) . 2008-06-06 16:51 . 2008-06-06 16:51 <REP> d-------- D:\Documents and Settings\Dov\Application Data\Malwarebytes 2008-06-06 16:51 . 2008-06-06 16:51 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-06-06 16:51 . 2008-06-06 19:02 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-06-06 16:51 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-06-06 16:51 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-06-06 10:55 . 2008-06-06 10:55 96,256 --a------ C:\WINDOWS\system32\iyrvcfnm.dll 2008-06-04 18:26 . 2008-06-06 19:06 281,088 --------- C:\WINDOWS\system32\qoMfdDwx.dll 2008-05-23 19:58 . 2008-06-07 13:26 <REP> d-------- D:\Documents and Settings\All Users\Application Data\TrackMania 2008-05-23 19:51 . 2008-05-23 19:53 <REP> d-------- C:\Program Files\TmNationsForever . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-31 12:25 --------- d-----w C:\Program Files\LimeWire 2008-04-18 18:21 --------- d-----w C:\Program Files\EdenSoftware 2008-04-18 15:12 --------- d-----w C:\Program Files\VuPassword 2008-04-16 20:02 --------- d-----w C:\Program Files\WinSCP3 2008-04-16 18:01 --------- d-----w C:\Program Files\NRJ 2008-04-16 14:41 --------- d-----w D:\Documents and Settings\Laurence\Application Data\Apple Computer 2008-04-16 12:37 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-04-12 12:11 --------- d-----w D:\Documents and Settings\Dov\Application Data\Apple Computer 2008-04-11 11:44 --------- d-----w D:\Documents and Settings\Laurence\Application Data\vlc 2006-11-15 15:26 56,912 ----a-w D:\Documents and Settings\Laurence\g2mdlhlpx.exe 2006-09-01 10:13 5,834,270 ----a-w C:\Program Files\BitTorrent-Stable.exe 2006-08-11 09:44 2,585,264 ----a-w C:\Program Files\Shockwave_Installer_Slim.exe 2006-08-09 13:32 10 ----a-w C:\Program Files\MSPAC.DAT 2006-06-11 16:23 42,735 ----a-w C:\Program Files\GRAW_PC_demo_JeuxVideo.com_12099.zip.torrent 2006-06-11 16:22 1,146 ----a-w C:\Program Files\gtaects_JeuxVideo.com_5562.zip.torrent 2006-06-02 16:28 10,738,088 ----a-w C:\Program Files\SkypeSetup-Beta.exe 2006-04-30 11:45 9,396,336 ----a-w C:\Program Files\SkypeSetup.exe 2006-01-21 14:57 9,441,744 ----a-w C:\Program Files\MsnSearchToolbarSetup_fr-fr.exe 2002-12-19 17:59 480 ----a-w C:\Program Files\setup.bin 2002-12-19 17:59 375,779 ----a-w C:\Program Files\pong3dt2.dat 1997-12-13 20:52 9,557 ----a-w C:\Program Files\MSPAC.DOC 1997-12-13 20:52 5,680 ----a-w C:\Program Files\MSP-V102.TXT 1997-01-03 20:15 218,542 ----a-w C:\Program Files\MSPAC.EXE 1996-02-15 19:43 6,396 ----a-w C:\Program Files\BACKGND 1996-02-15 19:20 138,878 ----a-w C:\Program Files\M1 1996-02-15 19:04 94,740 ----a-w C:\Program Files\POWERUP 1996-02-15 18:17 35,010 ----a-w C:\Program Files\EXLIFE 1995-11-14 17:32 82,958 ----a-w C:\Program Files\M3 1995-11-14 17:16 2,456 ----a-w C:\Program Files\FRTB 1995-11-14 17:14 11,738 ----a-w C:\Program Files\EATFR 1995-11-14 16:58 354,578 ----a-w C:\Program Files\M2 1995-11-14 15:42 21,320 ----a-w C:\Program Files\PACDIE 1995-11-14 15:22 2,024 ----a-w C:\Program Files\EATDOT 1995-11-13 16:26 68,226 ----a-w C:\Program Files\TITLE 1995-11-09 18:38 14,234 ----a-w C:\Program Files\POWUP2 1995-11-05 12:45 9,046 ----a-w C:\Program Files\EATGH 2007-02-15 16:03 44,624 ----a-w C:\Program Files\mozilla firefox\plugins\atgpcdec.dll 2007-02-15 16:03 108,192 ----a-w C:\Program Files\mozilla firefox\plugins\atgpcext.dll 2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 11:47 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll 2007-04-21 08:42 8,361,504 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2007-04-21 08:42 241,952 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b7ab207c-fb29-4ba7-8fc0-2e91943637d2}] 2008-06-06 10:55 96256 --a------ C:\WINDOWS\system32\iyrvcfnm.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 21:05 339968] "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118] "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-14 18:55 29744] "Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 11:43 90112] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328] "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-06-11 18:06 290816] "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyvVpMD] xxyvVpMD.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm "msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm "msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm "MSACM.MI-SC4"= MI-SC4.acm "vidc.yv12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\APPS\\Inventime\\my.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "D:\\Documents and Settings\\Noam8\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "C:\\totalcmd\\TOTALCMD.EXE"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 13:32] R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 12:51] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\wg11tnd5.sys [2004-10-15 11:41] S3 ATHFMWDL;NETGEAR WG111T bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2004-10-14 19:24] S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 13:10] S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-14 18:55] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58] . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2007-12-16 12:14:30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-09 16:45:30 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . --------------------- DLLs a charg‚ sous des processus courants --------------------- PROCESS: C:\WINDOWS\explorer.exe -> ?:\WINDOWS\system32\ATL.DLL . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\UAService.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\APPS\ABOARD\AOSD.EXE C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe C:\Program Files\iPod\bin\iPodService.exe . ************************************************************************** . Temps d'accomplissement: 2008-06-09 16:48:50 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-09 14:48:40 Pre-Run: 112,465,465,344 octets libres Post-Run: 112,391,000,064 octets libres 188 --- E O F --- 2008-05-29 19:12:25
- le 9 juin 2008
- 4 réponses
Trojan.Vundo.ERH bloqué (?) par Bitdefender

Bibif a répondu à un(e) sujet de Bibif dans Analyses et éradication malwares

Bonsoir Pear, J'ai suivi tes instructions à la lettre. Ci-dessous les deux rapports: -MBAM et HIJACK Merci de ton aide, Bibif 1/ Voici le rapport MBAM: Malwarebytes' Anti-Malware 1.15 Version de la base de données: 834 19:06:53 06/06/2008 mbam-log-6-6-2008 (19-06-53).txt Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 367564 Temps écoulé: 1 hour(s), 35 minute(s), 18 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 3 Clé(s) du Registre infectée(s): 11 Valeur(s) du Registre infectée(s): 3 Elément(s) de données du Registre infecté(s): 2 Dossier(s) infecté(s): 16 Fichier(s) infecté(s): 45 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): C:\WINDOWS\system32\mhfqmdfx.dll (Trojan.Vundo) -> Unloaded module successfully. C:\WINDOWS\system32\qoMfdDwx.dll (Trojan.Vundo) -> Unloaded module successfully. C:\WINDOWS\system32\xxyvVpMD.dll (Trojan.Vundo) -> Unloaded module successfully. Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93311cf1-18d6-4c1d-b8e4-4a45166b0968} (Trojan.Vundo) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{93311cf1-18d6-4c1d-b8e4-4a45166b0968} (Trojan.Vundo) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\88951083 (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM8ba6231f (Trojan.Agent) -> Delete on reboot. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomfddwx -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomfddwx -> Delete on reboot. Dossier(s) infecté(s): C:\Program Files\InternetGameBox (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\capoeirafighter (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\dragonballzflashdimension (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\dragonballzpong (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\luigisrevengeinteractive (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\motocross (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\princeofpersia (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\sonic (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\streetfighter (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\supersnowboardx (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\tabletennis (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\trampoline (Adware.EGDAccess) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\WINDOWS\system32\fhinujcs.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\scjunihf.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mhfqmdfx.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\xfdmqfhm.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qoMfdDwx.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\xwDdfMoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xwDdfMoq.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xxyvVpMD.dll (Trojan.Vundo) -> Delete on reboot. C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP799\A0169973.dll (Trojan.Vundo) -> Quarantined and deleted successfully. D:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\H01KLVEO\CA6NU7AH (Trojan.Vundo) -> Quarantined and deleted successfully. D:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\PQ0SKLDE\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\capoeirafighter\capoeirafighter.html (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\capoeirafighter\capoeirafighter.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\capoeirafighter\capoeirafighter.swf (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\dragonballzflashdimension\dragonballzflashdimension.html (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\dragonballzflashdimension\dragonballzflashdimension.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\dragonballzflashdimension\dragonballzflashdimension.swf (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\dragonballzpong\dragonballzpong.html (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\dragonballzpong\dragonballzpong.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\dragonballzpong\dragonballzpong.swf (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\luigisrevengeinteractive\luigisrevengeinteractive.html (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\luigisrevengeinteractive\luigisrevengeinteractive.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\luigisrevengeinteractive\luigisrevengeinteractive.swf (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\motocross\motocross.html (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\motocross\motocross.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\princeofpersia\princeofpersia.html (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\princeofpersia\princeofpersia.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\princeofpersia\princeofpersia.swf (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\sonic\sonic.html (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\sonic\sonic.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\sonic\sonic.swf (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\streetfighter\streetfighter.html (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\streetfighter\streetfighter.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\streetfighter\streetfighter.swf (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\supersnowboardx\supersnowboardx.html (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\supersnowboardx\supersnowboardx.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\supersnowboardx\supersnowboardx.swf (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\tabletennis\tabletennis.html (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\tabletennis\tabletennis.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\trampoline\trampoline.html (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\trampoline\trampoline.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\InternetGameBox\ressources\favoris\content\favoris\trampoline\trampoline.swf (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rwfuwnqc.dll (Trojan.Agent) -> Delete on reboot. C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully. D:\Documents and Settings\Propriétaire\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully. 2/ RAPPORT HIJACK Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:13:02, on 06/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\UAService.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\System32\svchost.exe C:\Apps\Powercinema\PCMService.exe C:\apps\ABoard\ABoard.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\apps\ABoard\AOSD.exe C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe C:\Program Files\iPod\bin\iPodService.exe D:\Utilitaires PC\HijackThis\hijackthis202.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: {2d736349-19e2-0cf8-7ab4-92bfc702ba7b} - {b7ab207c-fb29-4ba7-8fc0-2e91943637d2} - C:\WINDOWS\system32\iyrvcfnm.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ? O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar4.dll/cmwordtrans.html O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar4.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar4.dll/cmsimilar.html O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003 O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar4.dll/cmsearch.html O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002 O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000 O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001 O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar4.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O15 - Trusted Zone: http://toolbar.imageshack.us O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165769445515 O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/...rg/ESTPTest.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - Winlogon Notify: xxyvVpMD - C:\WINDOWS\SYSTEM32\xxyvVpMD.dll O23 - Service: .nen394cl - - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe -- End of file - 14138 bytes
- le 6 juin 2008
- 4 réponses
Trojan.Vundo.ERH bloqué (?) par Bitdefender

Bibif a posté un sujet dans Analyses et éradication malwares

Bonjour, Cher Zébulon, j'ai encore besoin de tes lumières... Sur le PC Windows XP SP2 accessible par un téléchargeur fou de 12ans (mon fils!), les symptomes sont les suivants 1/ à l'ouverture des sessions: - Deux sessions d'utilisateurs n'affichent pas les icones du bureau - Une troisième s'ouvre correctement 2/ Sur toutes les sessions, Bitdefender (à jour) détecte Trojan.Vundo.ERH ET LE BLOQUE! "Votre PC n'a pas été infecté". Mais il est impossible de travailler pour autant. Please help! Ci-joint: - scan de bitdefender (Trojan et backdoor détectés) - Rapport hijack Merci de votre aide, Bibif 1/ SCAN BITDEFENDER: //----------------------------------------------------------------- // // Produit BitDefender Antivirus Plus v10 // Produit 10.2 // // Créé le: 05/06/2008 19:04:03 // //----------------------------------------------------------------- Statistiques Chemin cible: C:\ D:\ Dossiers : 24616 Fichiers : 1768393 Processus Mémoire analysés : 73 Archives : 112123 Fichiers enpaquetés : 317042 Virus trouvés : 12 Fichiers infectés : 22 Processus Mémoire infectés : 0 Fichiers suspects : 9 Alertes : 0 Fichiers désinfectés : 2 Fichiers effacés : 0 Fichiers déplacés : 4 Erreurs I/O : 63 Temps d'analyse :=04:20:22 Fichiers/seconde :113 Statistiques Spywares Registres analysés : 396 Registres infectés : 0 Cookies analysés : 37 Cookies infectés : 0 Fichiers spyware infectés : 0 Menaces Spyware détectées : 0 Définitions virus : 1251326 Plugins d'analyse : 16 Plugins archives : 42 Plug-ins décompression : 7 Plug-ins messagerie : 6 Plug-ins système : 5 Options d'analyse Détection [X] Analyser le secteur de boot [X] Processus mémoire [X] Analyser les archives [X] Analyser les fichiers enpaquetés [X] Analyser la messagerie Masque fichiers [ ] Programmes [X] Tous les fichiers [ ] Extensions définies par l'utilisateur: [ ] Exclure les extensions: ; Action Objets infectés [ ] Ignorer [X] Désinfecter [ ] Effacer [ ] Mettre en quarantaine [ ] Demander l'action Seconde action [ ] Ignorer [ ] Effacer [X] Mettre en quarantaine [ ] Demander l'action Options d'analyse [X] Activer les alertes [X] Activer l'heuristique [ ] Afficher tous les fichiers dans le journal [X] Fichier journal: D:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1212685443.log Options d'analyse Spyware [X] Analyse contre les risques non-viraux [ ] Ecarter de l'analyse les dialers et les applications [X] Clés de registres [X] Cookies Résumé: C:\Program Files\PokÃ©lord Script\PokÃ©lord Script v2.0.1\meuh.dll Infecté: Backdoor.Bot.10951 C:\Program Files\PokÃ©lord Script\PokÃ©lord Script v2.0.1\meuh.dll Désinfection impossible C:\Program Files\PokÃ©lord Script\PokÃ©lord Script v2.0.1\meuh.dll Déplacé C:\SaveDELL-Mensuel\SaveDell-061031 obsolete\OutlookBF\Boite aux lettres.pst=>[subject: A warm wish ! from Frederic et Emmanuelle][From: fbrachfeld@ifrance.com]=>(body)=>(Compressed Rtf) Infecté: Generic.Peed.Eml.AFC639D1 C:\SaveDELL-Mensuel\SaveDell-061031 obsolete\OutlookBF\Boite aux lettres.pst=>[subject: A warm wish ! from Frederic et Emmanuelle][From: fbrachfeld@ifrance.com]=>(body)=>(Compressed Rtf) Désinfection impossible C:\SaveDELL-Mensuel\SaveDell-061031 obsolete\OutlookBF\Boite aux lettres.pst=>[subject: RE : A warm wish ! from Frederic et Emmanuelle][From: Bernard Fitoussi]=>(body)=>(Compressed Rtf) Infecté: Generic.Peed.Eml.92E11825 C:\SaveDELL-Mensuel\SaveDell-061031 obsolete\OutlookBF\Boite aux lettres.pst=>[subject: RE : A warm wish ! from Frederic et Emmanuelle][From: Bernard Fitoussi]=>(body)=>(Compressed Rtf) Désinfection impossible C:\SaveDELL-Mensuel\SaveDell-061224 obsolete\OutlookBF\Boite aux lettres.pst=>[subject: A warm wish ! from Frederic et Emmanuelle][From: fbrachfeld@ifrance.com]=>(body)=>(Compressed Rtf) Infecté: Generic.Peed.Eml.AFC639D1 C:\SaveDELL-Mensuel\SaveDell-061224 obsolete\OutlookBF\Boite aux lettres.pst=>[subject: A warm wish ! from Frederic et Emmanuelle][From: fbrachfeld@ifrance.com]=>(body)=>(Compressed Rtf) Désinfection impossible C:\SaveDELL-Mensuel\SaveDell-061224 obsolete\OutlookBF\Boite aux lettres.pst=>[subject: RE : A warm wish ! from Frederic et Emmanuelle][From: Bernard Fitoussi]=>(body)=>(Compressed Rtf) Infecté: Generic.Peed.Eml.92E11825 C:\SaveDELL-Mensuel\SaveDell-061224 obsolete\OutlookBF\Boite aux lettres.pst=>[subject: RE : A warm wish ! from Frederic et Emmanuelle][From: Bernard Fitoussi]=>(body)=>(Compressed Rtf) Désinfection impossible C:\SaveDELL-Mensuel\SaveDell-061224 obsolete\OutlookBF\Boite BB.pst=>[subject: Ils se battent pour la paix][From: jckat]=>(body)=>(Compressed Rtf) Suspect: Exploit.Iframe.Vulnerability C:\SaveDELL-Mensuel\SaveDell-061224 obsolete\OutlookBF\Boite BB.pst=>[subject: 20/11 : Veolia, Prosodie, Sagem,...][From: laviefinanciere@laposte.net]=>(body)=>(Compressed Rtf) Suspect: Exploit.Iframe.Vulnerability C:\SaveDELL-Mensuel\Savedell-070217 obsolete\OutlookBF\Boite aux lettres.pst=>[subject: A warm wish ! from Frederic et Emmanuelle][From: fbrachfeld@ifrance.com]=>(body)=>(Compressed Rtf) Infecté: Generic.Peed.Eml.AFC639D1 C:\SaveDELL-Mensuel\Savedell-070217 obsolete\OutlookBF\Boite aux lettres.pst=>[subject: A warm wish ! from Frederic et Emmanuelle][From: fbrachfeld@ifrance.com]=>(body)=>(Compressed Rtf) Désinfection impossible C:\SaveDELL-Mensuel\Savedell-070217 obsolete\OutlookBF\Boite aux lettres.pst=>[subject: RE : A warm wish ! from Frederic et Emmanuelle][From: Bernard Fitoussi]=>(body)=>(Compressed Rtf) Infecté: Generic.Peed.Eml.92E11825 C:\SaveDELL-Mensuel\Savedell-070217 obsolete\OutlookBF\Boite aux lettres.pst=>[subject: RE : A warm wish ! from Frederic et Emmanuelle][From: Bernard Fitoussi]=>(body)=>(Compressed Rtf) Désinfection impossible C:\SaveDELL-Mensuel\Savedell-070217 obsolete\OutlookBF\Boite BB.pst=>[subject: Ils se battent pour la paix][From: jckat]=>(body)=>(Compressed Rtf) Suspect: Exploit.Iframe.Vulnerability C:\SaveDELL-Mensuel\Savedell-070217 obsolete\OutlookBF\Boite BB.pst=>[subject: 20/11 : Veolia, Prosodie, Sagem,...][From: laviefinanciere@laposte.net]=>(body)=>(Compressed Rtf) Suspect: Exploit.Iframe.Vulnerability C:\SaveDELL-Mensuel\SaveDell-BASE\OutlookBF\Boite aux lettres.pst=>[subject: RE : A warm wish ! from Frederic et Emmanuelle][From: Bernard Fitoussi]=>(body)=>(Compressed Rtf) Infecté: Generic.Peed.Eml.92E11825 C:\SaveDELL-Mensuel\SaveDell-BASE\OutlookBF\Boite aux lettres.pst=>[subject: RE : A warm wish ! from Frederic et Emmanuelle][From: Bernard Fitoussi]=>(body)=>(Compressed Rtf) Désinfection impossible C:\SaveDELL-Mensuel\SaveDell-BASE\OutlookBF\Boite aux lettres.pst=>[subject: A warm wish ! from Frederic et Emmanuelle][From: fbrachfeld@ifrance.com]=>(body)=>(Compressed Rtf) Infecté: Generic.Peed.Eml.AFC639D1 C:\SaveDELL-Mensuel\SaveDell-BASE\OutlookBF\Boite aux lettres.pst=>[subject: A warm wish ! from Frederic et Emmanuelle][From: fbrachfeld@ifrance.com]=>(body)=>(Compressed Rtf) Désinfection impossible C:\SaveDELL-Mensuel\SaveDell-BASE\OutlookBF\Boite BB.pst=>[subject: Ils se battent pour la paix][From: jckat]=>(body)=>(Compressed Rtf) Suspect: Exploit.Iframe.Vulnerability C:\SaveDELL-Mensuel\SaveDell-BASE\OutlookBF\Boite BB.pst=>[subject: 20/11 : Veolia, Prosodie, Sagem,...][From: laviefinanciere@laposte.net]=>(body)=>(Compressed Rtf) Suspect: Exploit.Iframe.Vulnerability C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP799\A0169957.dll Infecté: Backdoor.Bot.10951 C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP799\A0169957.dll Désinfection impossible C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP799\A0169957.dll Déplacé C:\WINDOWS\system32\xxyvVpMD.dll Infecté: Trojan.Vundo.ERH C:\WINDOWS\system32\xxyvVpMD.dll Désinfection impossible C:\WINDOWS\system32\xxyvVpMD.dll Déplacement impossible D:\Documents and Settings\PropriÃ©taire\Local Settings\Application Data\Mozilla\Firefox\Profiles\40fs12lo.default\Cache\47356EA3d01=>(RAR Sfx o)=>keygen.exe Infecté: Trojan.Downloader.Harnig.ZC D:\Documents and Settings\PropriÃ©taire\Local Settings\Application Data\Mozilla\Firefox\Profiles\40fs12lo.default\Cache\47356EA3d01=>(RAR Sfx o)=>keygen.exe Désinfection impossible D:\Documents and Settings\PropriÃ©taire\Local Settings\Application Data\Mozilla\Firefox\Profiles\40fs12lo.default\Cache\47356EA3d01=>(RAR Sfx o)=>keygen.exe Déplacement impossible D:\Documents and Settings\PropriÃ©taire\Local Settings\Application Data\Mozilla\Firefox\Profiles\40fs12lo.default\Cache\47356EA3d01=>(RAR Sfx o)=>serial.exe Infecté: Trojan.Retapu.D D:\Documents and Settings\PropriÃ©taire\Local Settings\Application Data\Mozilla\Firefox\Profiles\40fs12lo.default\Cache\47356EA3d01=>(RAR Sfx o)=>serial.exe Désinfection impossible D:\Documents and Settings\PropriÃ©taire\Local Settings\Application Data\Mozilla\Firefox\Profiles\40fs12lo.default\Cache\47356EA3d01=>(RAR Sfx o)=>serial.exe Déplacement impossible D:\Documents and Settings\PropriÃ©taire\Local Settings\Temp\h67aadjb.exe=>(NSIS o)=>lzma_solid_nsis0005 Infecté: Backdoor.Bot.10951 D:\Documents and Settings\PropriÃ©taire\Local Settings\Temp\h67aadjb.exe=>(NSIS o)=>lzma_solid_nsis0005 Désinfection impossible D:\Documents and Settings\PropriÃ©taire\Local Settings\Temp\h67aadjb.exe=>(NSIS o)=>lzma_solid_nsis0005 Déplacement impossible D:\Documents and Settings\PropriÃ©taire\Local Settings\Temp\TFR99.tmp=>www.Dance_dec_jpg_Msn.com Infecté: Backdoor.Sdbot.BNI D:\Documents and Settings\PropriÃ©taire\Local Settings\Temp\TFR99.tmp=>www.Dance_dec_jpg_Msn.com Désinfection impossible D:\Documents and Settings\PropriÃ©taire\Local Settings\Temp\TFR99.tmp Déplacé D:\Documents and Settings\PropriÃ©taire\Mes documents\Jeux Mobile\800 Jeux Java Gratuits\NBA_2005.jar=>anims.mrg Infecté: Trojan.Exploit.Pngfile.A D:\Documents and Settings\PropriÃ©taire\Mes documents\Jeux Mobile\800 Jeux Java Gratuits\NBA_2005.jar=>anims.mrg Désinfection impossible D:\Documents and Settings\PropriÃ©taire\Mes documents\Jeux Mobile\800 Jeux Java Gratuits\NBA_2005.jar Déplacé D:\Documents and Settings\PropriÃ©taire\Mes documents\Mes tÃ©lÃ©chargements\trackmania_united_key.exe=>(RAR Sfx o)=>keygen.exe Infecté: Trojan.Downloader.Harnig.ZC D:\Documents and Settings\PropriÃ©taire\Mes documents\Mes tÃ©lÃ©chargements\trackmania_united_key.exe=>(RAR Sfx o)=>keygen.exe Désinfection impossible D:\Documents and Settings\PropriÃ©taire\Mes documents\Mes tÃ©lÃ©chargements\trackmania_united_key.exe=>(RAR Sfx o)=>keygen.exe Déplacement impossible D:\Documents and Settings\PropriÃ©taire\Mes documents\Mes tÃ©lÃ©chargements\trackmania_united_key.exe=>(RAR Sfx o)=>serial.exe Infecté: Trojan.Retapu.D D:\Documents and Settings\PropriÃ©taire\Mes documents\Mes tÃ©lÃ©chargements\trackmania_united_key.exe=>(RAR Sfx o)=>serial.exe Désinfection impossible D:\Documents and Settings\PropriÃ©taire\Mes documents\Mes tÃ©lÃ©chargements\trackmania_united_key.exe=>(RAR Sfx o)=>serial.exe Déplacement impossible D:\NCR_Archives\Exchange\MAILBOX.PST=>[subject: Terabyte Club.xls][From: Speciale, Nancy]=>tbclub.xls Infecté: XM.Laroux.AE D:\NCR_Archives\Exchange\MAILBOX.PST=>[subject: Terabyte Club.xls][From: Speciale, Nancy]=>tbclub.xls Désinfecté D:\NCR_Archives\Exchange\MAILBOX.PST Recompression des archives réussie D:\NCR_Archives\Exchange\MAILBOX.PST=>[subject: Terabyte Club at 59 and counting][From: Jahnke, Mark]=>TeraClub.zip=>TeraClub.xls Infecté: XM.Laroux.AE D:\NCR_Archives\Exchange\MAILBOX.PST=>[subject: Terabyte Club at 59 and counting][From: Jahnke, Mark]=>TeraClub.zip=>TeraClub.xls Désinfecté D:\NCR_Archives\Exchange\MAILBOX.PST=>[subject: Terabyte Club at 59 and counting][From: Jahnke, Mark]=>TeraClub.zip Recompression des archives réussie D:\NCR_Archives\Exchange\MAILBOX.PST Recompression des archives réussie D:\NCR_Archives\Exchange\MAILBOX.PST=>[subject: Re:][From: metisus:Terri Lerose]=>(body)=>(Compressed Rtf) Suspect: Exploit.Iframe.Vulnerability D:\SaveDell\OutlookBF\Boite aux lettres.pst=>[subject: RE : A warm wish ! from Frederic et Emmanuelle][From: Bernard Fitoussi]=>(body)=>(Compressed Rtf) Infecté: Generic.Peed.Eml.92E11825 D:\SaveDell\OutlookBF\Boite aux lettres.pst=>[subject: RE : A warm wish ! from Frederic et Emmanuelle][From: Bernard Fitoussi]=>(body)=>(Compressed Rtf) Désinfection impossible D:\SaveDell\OutlookBF\Boite aux lettres.pst=>[subject: A warm wish ! from Frederic et Emmanuelle][From: fbrachfeld@ifrance.com]=>(body)=>(Compressed Rtf) Infecté: Generic.Peed.Eml.AFC639D1 D:\SaveDell\OutlookBF\Boite aux lettres.pst=>[subject: A warm wish ! from Frederic et Emmanuelle][From: fbrachfeld@ifrance.com]=>(body)=>(Compressed Rtf) Désinfection impossible D:\SaveDell\OutlookBF\Boite BB.pst=>[subject: Ils se battent pour la paix][From: jckat]=>(body)=>(Compressed Rtf) Suspect: Exploit.Iframe.Vulnerability D:\SaveDell\OutlookBF\Boite BB.pst=>[subject: 20/11 : Veolia, Prosodie, Sagem,...][From: laviefinanciere@laposte.net]=>(body)=>(Compressed Rtf) Suspect: Exploit.Iframe.Vulnerability 2/RAPPORT HIJACK Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:01:49, on 06/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\UAService.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\wscntfy.exe C:\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Apps\Powercinema\PCMService.exe C:\apps\ABoard\ABoard.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\apps\ABoard\AOSD.exe C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\explorer.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe D:\Utilitaires PC\HijackThis\hijackthis202.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {93311CF1-18D6-4C1D-B8E4-4A45166B0968} - C:\WINDOWS\system32\qoMfdDwx.dll O2 - BHO: {2d736349-19e2-0cf8-7ab4-92bfc702ba7b} - {b7ab207c-fb29-4ba7-8fc0-2e91943637d2} - C:\WINDOWS\system32\iyrvcfnm.dll O2 - BHO: (no name) - {C83F6149-4782-4DAB-A478-96F195A376A2} - C:\WINDOWS\system32\xxyvVpMD.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [bM8ba6231f] Rundll32.exe "C:\WINDOWS\system32\rwfuwnqc.dll",s O4 - HKLM\..\Run: [88951083] rundll32.exe "C:\WINDOWS\system32\mhfqmdfx.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-21-925967871-2353556621-442134179-1010\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'Laurence') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ? O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar4.dll/cmwordtrans.html O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar4.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar4.dll/cmsimilar.html O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003 O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar4.dll/cmsearch.html O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002 O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000 O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001 O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar4.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O15 - Trusted Zone: http://toolbar.imageshack.us O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165769445515 O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/...rg/ESTPTest.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - Winlogon Notify: xxyvVpMD - C:\WINDOWS\SYSTEM32\xxyvVpMD.dll O23 - Service: .nen394cl - - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe -- End of file - 14757 bytes
- le 6 juin 2008
- 4 réponses
Firefox ne lit plus les .jpg

Bibif a posté un sujet dans Software

Bonjour, J'avais défini Firefox comme le lecteur standard d'images JPG, mais il a soudainement décidé qu'il y avait des erreurs et qu'il n'arrivait pas à les ouvrir. Exemple: Celle-ci, qui apparaît dans un nouvel onglet: L'image “file:///C:/Documents%20and%20Settings/BF/Bureau/invit-conf%201500308.jpg” ne peut être affichée car elle contient des erreurs. En fait les fichiers jpg sont parfaits (notamment les PJ que je peux recevoir de sources sûres). En changeant de logiciel de lecture (Aperçu des images et télécopies, Office Picture Manager) tout marche bien. Mais souhaitant éviter d'avoir trop de logiciels ouverts en même temps (mon PC n'est plus tout jeune), je préfèrerais que ce soit Firefox qui lise les JPG... Merci d'avance de vos lumières, BibifConfiguration: Windows XP Firefox 2.0.0.12
- le 11 mars 2008
- 1 réponse
WMP11 ne lit pas les .wmv

Bibif a répondu à un(e) sujet de Bibif dans Software

Merci Genesis, mais ... je ne sais pas ce que sont les codecs ... WMP11 était déjà installé sur mon PC (acheté neuf en Juin 2007). Dois-je quand même installer FFdshow ? @+ Bibif
- le 12 novembre 2007
- 6 réponses
WMP11 ne lit pas les .wmv

Bibif a répondu à un(e) sujet de Bibif dans Software

Merci Zonk, mais wmv est DEJA associé à WMP11. Il se charge d'ailleurs très bien quand je clique sur un .wmv et semble démarrer normalement, sauf qu'il n'y a pas d'image. @+ Bibif
- le 11 novembre 2007
- 6 réponses
WMP11 ne lit pas les .wmv

Bibif a posté un sujet dans Software

Bonjour, WMP11 ne lit plus les wmv, mais le son en revanche est OK. Une bonne âme saurait-elle me conseiller? (PC HP sous Windows XP Pro SP2) Merci d'avance, Bibif
- le 10 novembre 2007
- 6 réponses
[Résolu] Analyse HijackThis

Bibif a répondu à un(e) sujet de Bibif dans Analyses et éradication malwares

Hi AgneD, Voila, c'est propre, à ce "not-a-virus" près qui n'est tout de même pas très rassurant, surtout que Mirc est le logiciel favori du cliqueur fou... Bon, on va faire avec.. Merci de ton aide, Bibif
- le 11 août 2007
- 13 réponses
[Résolu] Analyse HijackThis

Bibif a répondu à un(e) sujet de Bibif dans Analyses et éradication malwares

AgesD bonjour, Fihiers dossiers détruits, Restauration système désactivée/réactivée, ckiqueur fou débranché.. Kaspersky détecte encore 4 virus sur 12 infections. BitDefender n'a rien vu! Ci-dessous listes des fichiers infectés et rapport complet Kaspersky. Thanks a lot, Bibif PJ: 1/ LISTE DES FICHIERS INFECTES INFECTED OBJECT NAME VIRUS NAME LAST ACTION C:\Program Files\Pokélord Script\Pokélord Script v2.0.1\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc5.zip/LimeWire Download Accelerator.exe/data0006 Infected: Trojan.Win32.Obfuscated.en skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc5.zip/LimeWire Download Accelerator.exe Infected: Trojan.Win32.Obfuscated.en skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc5.zip ZIP: infected - 2 skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc6.exe/data0006 Infected: Trojan.Win32.Obfuscated.en skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc6.exe NSIS: infected - 1 skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc64.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc64.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc64.exe NSIS: infected - 2 skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc84.exe/RasTaFaRai-ScRipT.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc84.exe InstallCreator: infected - 1 skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc84.exe UPX: infected - 1 skipped 2: RAPPORT COMPLET KASPERSKY *KASPERSKY ONLINE SCANNER REPORT* Saturday, August 11, 2007 11:56:40 AM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.93.0 Kaspersky Anti-Virus database last update: 11/08/2007 Kaspersky Anti-Virus database records: 378647 *Scan Settings* Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true *Scan Target* My Computer C:\ D:\ E:\ F:\ G:\ H:\ I:\ *Scan Statistics* Total number of scanned objects 77037 Number of viruses found 4 Number of infected objects 12 Number of suspicious objects 0 Duration of the scan process 01:26:19 *Infected Object Name* *Virus Name* *Last Action* C:\Documents and Settings\Laurence\Application Data\Bitdefender\Desktop\Profiles\asdict.dat Object is locked skipped C:\Documents and Settings\Laurence\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Historique\History.IE5\MSHist012007081120070812\index.dat Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Temp\hpodvd09.log Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Temp\~DFDE39.tmp Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Laurence\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Laurence\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\e7aab531284979627a07b3ae82c25b49\msxml4-KB927978-enu.log Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AGENT_LOG1.txt Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db-journal Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BINARY\CLML.db Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db-journal Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db-journal Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db-journal Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db-journal Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db-journal Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db-journal Object is locked skipped C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped C:\Program Files\Pokélord Script\Pokélord Script v2.0.1\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped C:\Program Files\Softwin\BitDefender10\aspdict.dat Object is locked skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc5.zip/LimeWire Download Accelerator.exe/data0006 Infected: Trojan.Win32.Obfuscated.en skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc5.zip/LimeWire Download Accelerator.exe Infected: Trojan.Win32.Obfuscated.en skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc5.zip ZIP: infected - 2 skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc6.exe/data0006 Infected: Trojan.Win32.Obfuscated.en skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc6.exe NSIS: infected - 1 skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc64.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc64.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc64.exe NSIS: infected - 2 skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc84.exe/RasTaFaRai-ScRipT.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc84.exe InstallCreator: infected - 1 skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc84.exe UPX: infected - 1 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\tracking.log Object is locked skipped C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP96\A0105070.ini Object is locked skipped C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP96\change.log Object is locked skipped C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP2\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\bdss.log Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\DEFAULT Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SYSTEM Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\tmp00000de1\tmp00000000 Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped *Scan process completed.*
- le 11 août 2007
- 13 réponses
[Résolu] Analyse HijackThis

Bibif a répondu à un(e) sujet de Bibif dans Analyses et éradication malwares

AgnesD bonsoir, Ouh lala!!! J'ai fait ce que tu m'as dit. 1/ J'ai réussi à utiliser Kaspersky online (la version US car impossible de démarrer la française) Rapport ci-joint avec pas mal d'entrées, dont qq infections 2/ Ce qui est ibtéressant, c'est que Kaspersky semble avoir "libéré" des cochonneries que Bid Defender a bloquées. La plupart se situent dans le system volume information\_restore !!! Comme je n'arrive pas à imprimer le log des évènements BD, j'ai créé un rapport manuellement (copier-coller) ci-joint également. Voila docteur, ça semble plus grave que je croyais... Merci de ton aide, Bibif PJ RAPPORT KASPERSKY *KASPERSKY ONLINE SCANNER REPORT* Thursday, August 09, 2007 11:27:07 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.93.0 Kaspersky Anti-Virus database last update: 9/08/2007 Kaspersky Anti-Virus database records: 377681 *Scan Settings* Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true *Scan Target* My Computer C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ *Scan Statistics* Total number of scanned objects 79480 Number of viruses found 6 Number of infected objects 23 Number of suspicious objects 0 Duration of the scan process 01:25:52 *Infected Object Name* *Virus Name* *Last Action* C:\Documents and Settings\Laurence\Application Data\Bitdefender\Desktop\Profiles\asdict.dat Object is locked skipped C:\Documents and Settings\Laurence\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Historique\History.IE5\MSHist012007080920070810\index.dat Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Temp\hpodvd09.log Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Temp\~DFCEA8.tmp Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Laurence\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Laurence\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Laurence\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Noam\Application Data\Gram Logo Cool\bits meet grid.exe Infected: Trojan.Win32.Obfuscated.en skipped C:\Documents and Settings\Noam\Application Data\Gram Logo Cool\Window Film Okay.exe Infected: Trojan.Win32.Obfuscated.en skipped C:\Documents and Settings\Noam\Application Data\Gram Logo Cool\xxxhxbze.exe Object is locked skipped C:\Documents and Settings\Noam\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Noam\ntuser.dat.LOG Object is locked skipped C:\e7aab531284979627a07b3ae82c25b49\msxml4-KB927978-enu.log Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AGENT_LOG1.txt Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db-journal Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BINARY\CLML.db Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db-journal Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db-journal Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db-journal Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db-journal Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db-journal Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db Object is locked skipped C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db-journal Object is locked skipped C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped C:\Program Files\Navilog1\Backupnavi\rufxrm.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.gen skipped C:\Program Files\Pokélord Script\Pokélord Script v2.0.1\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped C:\Program Files\Softwin\BitDefender10\aspdict.dat Object is locked skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc5.zip/LimeWire Download Accelerator.exe/data0006 Infected: Trojan.Win32.Obfuscated.en skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc5.zip/LimeWire Download Accelerator.exe Infected: Trojan.Win32.Obfuscated.en skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc5.zip ZIP: infected - 2 skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc6.exe/data0006 Infected: Trojan.Win32.Obfuscated.en skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc6.exe NSIS: infected - 1 skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc64.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc64.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc64.exe NSIS: infected - 2 skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc84.exe/RasTaFaRai-ScRipT.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc84.exe InstallCreator: infected - 1 skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1008\Dc84.exe UPX: infected - 1 skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1009\Dc76.exe Object is locked skipped C:\RECYCLER\S-1-5-21-3204904784-847708776-563733263-1009\Dc77.exe Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\tracking.log Object is locked skipped C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP96\A0105070.ini Object is locked skipped C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP96\change.log Object is locked skipped C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP103\A0049669.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.gen skipped C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP107\A0050490.exe Object is locked skipped C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP113\A0050844.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.gen skipped C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP114\A0051020.exe Infected: Trojan.Win32.Obfuscated.en skipped C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP114\A0051065.exe Object is locked skipped C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP115\A0051189.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP115\A0051194.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP115\A0051201.dll Object is locked skipped C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP115\A0051218.exe Object is locked skipped C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP115\A0052178.exe Object is locked skipped C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP115\A0052187.exe Infected: Trojan.Win32.Obfuscated.en skipped C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP115\A0052188.exe Object is locked skipped C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP115\A0052189.exe Object is locked skipped C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP115\A0052191.exe Infected: Trojan.Win32.Obfuscated.en skipped C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP117\A0052409.dll Object is locked skipped C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP117\A0052418.exe Object is locked skipped C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP117\A0052420.exe Object is locked skipped C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP119\A0052613.dll Infected: not-a-virus:AdWare.Win32.PowerSearch.c skipped C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP122\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\bdss.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\DEFAULT Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SYSTEM Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\tmp00006887\tmp00000000 Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped *Scan process completed.* RAPPORT BITDEFENDER BitDefender Rapport manuel 9/8/07 23 :00 Ces évènements sont survenus au moment du scan Kaspersky et ont été bloqués par BD c:\system volume information\_restore{751238cc-feb5-4605-9ea9-b441ebd3d66d}\rp117\a0052409.dll EST INFECTÉ AVEC Application.MOO c:\system volume information\_restore{751238cc-feb5-4605-9ea9-b441ebd3d66d}\rp115\a0052241.exe EST INFECTÉ AVEC Trojan.FatObfus.AF c:\system volume information\_restore{751238cc-feb5-4605-9ea9-b441ebd3d66d}\rp115\a0052188.exe EST INFECTÉ AVEC Trojan.Obfuscated.GZ c:\system volume information\_restore{751238cc-feb5-4605-9ea9-b441ebd3d66d}\rp115\a0052189.exe EST INFECTÉ AVEC Trojan.Obfuscated.GZ c:\system volume information\_restore{751238cc-feb5-4605-9ea9-b441ebd3d66d}\rp115\a0052178.exe EST INFECTÉ AVEC Trojan.FatObfus.AN c:\system volume information\_restore{751238cc-feb5-4605-9ea9-b441ebd3d66d}\rp115\a0051201.dll EST INFECTÉ AVEC Application.MOO c:\system volume information\_restore{751238cc-feb5-4605-9ea9-b441ebd3d66d}\rp115\a0051218.exe EST INFECTÉ AVEC Trojan.FatObfus.AN c:\system volume information\_restore{751238cc-feb5-4605-9ea9-b441ebd3d66d}\rp114\a0051065.exe EST INFECTÉ AVEC Trojan.FatObfus.AN c:\system volume information\_restore{751238cc-feb5-4605-9ea9-b441ebd3d66d}\rp107\a0050490.exe EST INFECTÉ AVEC Backdoor.Skinymes.Agent.A c:\recycler\s-1-5-21-3204904784-847708776-563733263-1009\dc77.exe=](NSIS 2o)=]lzma_solid_nsis0009 EST INFECTÉ AVEC Backdoor.Skinymes.Agent.A c:\recycler\s-1-5-21-3204904784-847708776-563733263-1009\dc77.exe=](NSIS 2o)=]lzma_solid_nsis0009 EST INFECTÉ AVEC Backdoor.Skinymes.Agent.A c:\recycler\s-1-5-21-3204904784-847708776-563733263-1009\dc76.exe=](NSIS o)=]lzma_solid_nsis0005 EST INFECTÉ AVEC Application.MOO c:\recycler\s-1-5-21-3204904784-847708776-563733263-1009\dc76.exe=](NSIS o)=]lzma_solid_nsis0005 EST INFECTÉ AVEC Application.MOO c:\documents and settings\noam\application data\gram logo cool\xxxhxbze.exe EST INFECTÉ AVEC Trojan.FatObfus.AN *******
- le 9 août 2007
- 13 réponses
[Résolu] Analyse HijackThis

Bibif a répondu à un(e) sujet de Bibif dans Analyses et éradication malwares

AgnesD bonsoir, Voila, j'ai fait ce que tu as dit, mais Kasperski online semble ne pas fonctionner. Il bloque sur l'écran d'acceptation des conditions d'utilisation. Cordialement, Bibif
- le 8 août 2007
- 13 réponses
[Résolu] Analyse HijackThis

Bibif a répondu à un(e) sujet de Bibif dans Analyses et éradication malwares

Bonsoir AgnesD, Après ton traitement, il semble qu'il ya ait moins d'interceptions de Bitdefender, mais tu verras sur le rapport BD, il y a des saletés qui ne s'enlèvent pas. Voici les rapports HJ et BD Merci de ton aide, Bibif Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:55:17, on 7/08/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\WINDOWS\SOUNDMAN.EXE C:\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Apps\Powercinema\PCMService.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Outils\hijackthis202\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PBBEFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB197B82D} - C:\WINDOWS\system32\pbbefrv2.dll (file missing) O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll O3 - Toolbar: PBBEFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB197B82D} - C:\WINDOWS\system32\pbbefrv2.dll (file missing) O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk.disabled O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk.disabled O4 - Global Startup: Logiciel Kodak EasyShare.lnk.disabled O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\befr.htm O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing) O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe -- End of file - 10230 bytes //----------------------------------------------------------------- // // Produit BitDefender Antivirus Plus v10 // Produit 10.2 // // Créé le: 07/08/2007 17:34:31 // //----------------------------------------------------------------- Statistiques Chemin cible: C:\ Dossiers : 7425 Fichiers : 344730 Processus Mémoire analysés : 50 Archives : 9199 Fichiers enpaquetés : 16188 Virus trouvés : 4 Fichiers infectés : 6 Processus Mémoire infectés : 0 Fichiers suspects : 0 Alertes : 0 Fichiers désinfectés : 0 Fichiers effacés : 0 Fichiers déplacés : 2 Erreurs I/O : 36 Temps d'analyse :=00:35:18 Fichiers/seconde :162 Statistiques Spywares Registres analysés : 1846 Registres infectés : 0 Cookies analysés : 0 Cookies infectés : 0 Fichiers spyware infectés : 0 Menaces Spyware détectées : 0 Définitions virus : 753914 Plugins d'analyse : 16 Plugins archives : 41 Plug-ins décompression : 6 Plug-ins messagerie : 6 Plug-ins système : 5 Options d'analyse Détection [X] Analyser le secteur de boot [X] Processus mémoire [X] Analyser les archives [X] Analyser les fichiers enpaquetés [X] Analyser la messagerie Masque fichiers [ ] Programmes [X] Tous les fichiers [ ] Extensions définies par l'utilisateur: [ ] Exclure les extensions: ; Action Objets infectés [ ] Ignorer [X] Désinfecter [ ] Effacer [ ] Mettre en quarantaine [ ] Demander l'action Seconde action [ ] Ignorer [ ] Effacer [X] Mettre en quarantaine [ ] Demander l'action Options d'analyse [X] Activer les alertes [X] Activer l'heuristique [ ] Afficher tous les fichiers dans le journal [X] Fichier journal: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1186500871.log Options d'analyse Spyware [X] Analyse contre les risques non-viraux [ ] Ecarter de l'analyse les dialers et les applications [X] Clés de registres [X] Cookies Résumé: C:\Documents and Settings\Laurence\Local Settings\Temporary Internet Files\Content.IE5\Z0YGW48O\AccountHelper[1].cab=>Account.dll Infecté: Trojan.Dloader.YH C:\Documents and Settings\Laurence\Local Settings\Temporary Internet Files\Content.IE5\Z0YGW48O\AccountHelper[1].cab=>Account.dll Désinfection impossible C:\Documents and Settings\Laurence\Local Settings\Temporary Internet Files\Content.IE5\Z0YGW48O\AccountHelper[1].cab=>Account.dll Déplacement impossible C:\Documents and Settings\Noam\Local Settings\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\Cache\8997E8C7d01=>archstored:windrop/eggdrop.exe Détecté: Application.Eggbot.A C:\Documents and Settings\Noam\Local Settings\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\Cache\8997E8C7d01=>archstored:windrop/eggdrop.exe Désinfection impossible C:\Documents and Settings\Noam\Local Settings\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\Cache\8997E8C7d01 Déplacé C:\Documents and Settings\Noam\Local Settings\Temp\1qvo7kvk.zip=>archstored:windrop/eggdrop.exe Détecté: Application.Eggbot.A C:\Documents and Settings\Noam\Local Settings\Temp\1qvo7kvk.zip=>archstored:windrop/eggdrop.exe Désinfection impossible C:\Documents and Settings\Noam\Local Settings\Temp\1qvo7kvk.zip Déplacé C:\Documents and Settings\Noam\Local Settings\Temp\8wgadar5.exe=>(NSIS o)=>lzma_solid_nsis0005 Infecté: Backdoor.Irc.Lambot.G C:\Documents and Settings\Noam\Local Settings\Temp\8wgadar5.exe=>(NSIS o)=>lzma_solid_nsis0005 Désinfection impossible C:\Documents and Settings\Noam\Local Settings\Temp\8wgadar5.exe=>(NSIS o)=>lzma_solid_nsis0005 Déplacement impossible C:\Documents and Settings\Noam\Mes documents\Pokelord2Install.exe=>(NSIS o)=>lzma_solid_nsis0005 Infecté: Backdoor.Irc.Lambot.G C:\Documents and Settings\Noam\Mes documents\Pokelord2Install.exe=>(NSIS o)=>lzma_solid_nsis0005 Désinfection impossible C:\Documents and Settings\Noam\Mes documents\Pokelord2Install.exe=>(NSIS o)=>lzma_solid_nsis0005 Déplacement impossible C:\Dov\A installer\messengerskinner.exe=>(NSIS 2o)=>lzma_solid_nsis0009 Infecté: Backdoor.Skinymes.Agent.A C:\Dov\A installer\messengerskinner.exe=>(NSIS 2o)=>lzma_solid_nsis0009 Désinfection impossible C:\Dov\A installer\messengerskinner.exe=>(NSIS 2o)=>lzma_solid_nsis0009 Déplacement impossible
- le 7 août 2007
- 13 réponses
[Résolu] Analyse HijackThis

Bibif a répondu à un(e) sujet de Bibif dans Analyses et éradication malwares

AgnesD, Merci de ton aide. J'ai bien commençé par débrancher le connecteur fou...(Ce n'est pas toujours facile...) J'ai procédé exactement comme tu me l'as dit. Ci dessous les rapports AVG Spyware et Navilog. Cordialement, Bibif PJ: Search Navipromo version 2.0.5 commencé le lun. 06/08/2007 à 15:38:05,62 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Poster ce rapport sur le forum pour le faire analyser !!! !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!! Fix lancé depuis C:\Program Files\navilog1 Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO Executé en mode normal *** Recherche Programmes installes *** *** Recherche dossiers dans C:\WINDOWS *** *** Recherche dossiers dans C:\Program Files *** *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data *** *** Recherche dossiers dans C:\Documents and Settings\Laurence\Application Data *** *** Recherche avec BlackLight Engine/F-secure *** BlackLight Engine est un produit de F-secure, pour + d'infos : http://www.f-secure.com/blacklight/blacklight_help.html F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR ====================================== Copyright 2005-2006 F-Secure Corporation. All rights reserved. This is a beta version. It will expire on 1st of October, 2007. Version information: 2.2.1064. [+] Started on 08/06/07 at 15:38:07. [+] Initializing ... [+] Starting scan, press Ctrl-C to abort. [+] Scanning for hidden items ............................................................. [+] Scan complete. [+] Summary: 0 hidden item(s) found, 0 scheduled for renaming. [+] Exited on 08/06/07 at 15:43:15 (return code = 0). *** Recherche fichiers *** *** Recherche cles registre *** Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs] Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage] Recherche Clé Magic Control HKEY_CURRENT_USER\Software\Lanconfig trouvé ! *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche fichiers connus: 2)Recherche Heuristique : * ** *** **** ***** ****** ******* ******** 3)Recherche Certificats : Certificat Egroup trouvé ! *** Analyse Terminé le lun. 06/08/2007 à 15:43:39,85 *** ----------- --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 19:13:21 6/08/2007 + Résultat de l'analyse: C:\WINDOWS\system32\pbbefrv2.dll -> Adware.PowerSearch : Nettoyé. C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP117\A0052421.exe -> Dropper.VB.lu : Nettoyé. :mozilla.142:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.143:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.144:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.145:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.16:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.127:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.128:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.129:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.130:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.17:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.18:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.19:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.20:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.21:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.22:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.23:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.284:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.285:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.374:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.147:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé. :mozilla.148:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé. :mozilla.10:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé. :mozilla.31:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé. :mozilla.32:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé. :mozilla.7:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé. :mozilla.52:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé. :mozilla.83:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé. :mozilla.140:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyé. :mozilla.189:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Com : Nettoyé. :mozilla.46:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Com : Nettoyé. :mozilla.443:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. :mozilla.444:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. :mozilla.445:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. :mozilla.84:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé. :mozilla.50:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Estat : Nettoyé. :mozilla.98:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Estat : Nettoyé. :mozilla.534:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé. :mozilla.244:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé. :mozilla.245:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé. :mozilla.58:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé. :mozilla.59:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé. :mozilla.493:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Information : Nettoyé. :mozilla.95:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Information : Nettoyé. :mozilla.480:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé. :mozilla.481:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé. :mozilla.482:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé. :mozilla.11:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé. :mozilla.70:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Overture : Nettoyé. :mozilla.71:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Overture : Nettoyé. :mozilla.72:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Overture : Nettoyé. :mozilla.546:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Paypal : Nettoyé. :mozilla.150:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé. :mozilla.151:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé. :mozilla.152:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé. :mozilla.153:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé. :mozilla.25:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé. :mozilla.26:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé. :mozilla.27:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé. :mozilla.28:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé. :mozilla.324:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Realmedia : Nettoyé. :mozilla.84:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Realmedia : Nettoyé. :mozilla.85:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Realmedia : Nettoyé. :mozilla.326:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Revenue : Nettoyé. :mozilla.87:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Revenue : Nettoyé. :mozilla.327:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé. :mozilla.328:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé. :mozilla.329:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé. :mozilla.88:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé. :mozilla.89:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé. :mozilla.183:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.333:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.334:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.335:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.336:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.337:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.96:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.97:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.98:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.99:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.41:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé. :mozilla.118:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.119:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.120:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.150:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.77:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.78:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.79:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.80:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.81:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.355:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Trafficmp : Nettoyé. :mozilla.356:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Trafficmp : Nettoyé. :mozilla.102:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé. :mozilla.357:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé. :mozilla.103:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Valueclick : Nettoyé. :mozilla.111:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.112:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.62:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.63:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.64:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.120:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé. :mozilla.138:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé. :mozilla.139:C:\Documents and Settings\Martinette\Application Data\Mozilla\Firefox\Profiles\tstv0cn3.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé. :mozilla.409:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.410:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.411:C:\Documents and Settings\Noam\Application Data\Mozilla\Firefox\Profiles\daubryqs.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. Fin du rapport
- le 6 août 2007
- 13 réponses
[Résolu] Analyse HijackThis

Bibif a posté un sujet dans Analyses et éradication malwares

Bonjour, Pouvez-vou sm'aider à désinfecter ce PC SVP (utilisé par un connecteur fou de 12 ans !!) ? Un scan complet BitDefender a été eFfectué/ Résumé bd : C:\Documents and Settings\Laurence\Local Settings\Temporary Internet Files\Content.IE5\Z0YGW48O\AccountHelper[1].cab=>Account.dll Infecté: Trojan.Dloader.YH C:\Documents and Settings\Laurence\Local Settings\Temporary Internet Files\Content.IE5\Z0YGW48O\AccountHelper[1].cab=>Account.dll Désinfection impossible C:\Documents and Settings\Laurence\Local Settings\Temporary Internet Files\Content.IE5\Z0YGW48O\AccountHelper[1].cab=>Account.dll Déplacement impossible C:\Documents and Settings\Noam\Local Settings\Temp\8k9ssiot.zip=>mirc.exe Infecté: Trojan.Mirchack.A C:\Documents and Settings\Noam\Local Settings\Temp\8k9ssiot.zip=>mirc.exe Désinfection impossible C:\Documents and Settings\Noam\Local Settings\Temp\8k9ssiot.zip Déplacé C:\Documents and Settings\Noam\Local Settings\Temp\8wgadar5.exe=>(NSIS o)=>lzma_solid_nsis0005 Détecté: Application.MOO C:\Documents and Settings\Noam\Local Settings\Temp\8wgadar5.exe=>(NSIS o)=>lzma_solid_nsis0005 Désinfection impossible C:\Documents and Settings\Noam\Local Settings\Temp\8wgadar5.exe=>(NSIS o)=>lzma_solid_nsis0005 Déplacement impossible C:\Documents and Settings\Noam\Mes documents\Pokelord2Install.exe=>(NSIS o)=>lzma_solid_nsis0005 Détecté: Application.MOO C:\Documents and Settings\Noam\Mes documents\Pokelord2Install.exe=>(NSIS o)=>lzma_solid_nsis0005 Désinfection impossible C:\Documents and Settings\Noam\Mes documents\Pokelord2Install.exe=>(NSIS o)=>lzma_solid_nsis0005 Déplacement impossible C:\Dov\A installer\messengerskinner.exe=>(NSIS 2o)=>lzma_solid_nsis0009 Infecté: Backdoor.Skinymes.Agent.A C:\Dov\A installer\messengerskinner.exe=>(NSIS 2o)=>lzma_solid_nsis0009 Désinfection impossible C:\Dov\A installer\messengerskinner.exe=>(NSIS 2o)=>lzma_solid_nsis0009 Déplacement impossible C:\Program Files\Rastafarai Script V4\Dll\moo.$A Détecté: Application.Motherboardmonitor.F C:\Program Files\Rastafarai Script V4\Dll\moo.$A Désinfection impossible C:\Program Files\Rastafarai Script V4\Dll\moo.$A Déplacé Le pare feu de BitDefender demande systématiquement les autorisation d'import de Active script Java sur Firefox, alors que l'autorisation lui a déjà été donnée C'est grave Docteur? Merci de votre aide, Bibif Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:29:45, on 5/08/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\svchost.exe C:\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Apps\Powercinema\PCMService.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Outils\hijackthis202\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PBBEFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB197B82D} - C:\WINDOWS\system32\pbbefrv2.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll O3 - Toolbar: PBBEFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB197B82D} - C:\WINDOWS\system32\pbbefrv2.dll O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk.disabled O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk.disabled O4 - Global Startup: Logiciel Kodak EasyShare.lnk.disabled O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\befr.htm O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing) O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe -- End of file - 9831 bytes
- le 5 août 2007
- 13 réponses
Explorer XP: Afficher Dossiers tjrs AVANT fichiers?

Bibif a posté un sujet dans Optimisation, Trucs & Astuces

Bonjour, Je viens de passer à XP Pro (mon vieux Win98 a rendu l'âme après 7 ans de loyaux services...). J'étais habitué dans Explorer à avoir la liste des éléments d'un dossier affichés dans l'ordre antichronologique suivant: - Dossiers - Fichiers En passant à un autre type d'affichage (type de doc par exemple) les dossiers restaient TOUJOURS DEVANT LES FICHIERS. Sous XP, les dossiers restent toujours derrière, en bas de l'écran ... Y a t il un moyen de les faire passer devant? Merci pour votre aide, Bibif
- le 26 juillet 2007
- 1 réponse
Compatibilité Norton Int. Security et Avast Home?

Bibif a posté un sujet dans Sécurisation, prévention

Bonsoir à tous, Un de mes amis a une licence Norton qui arrive à expiration et qu'il ne souhaite pas renouveler. Est-il possible de: - continuer à utiliser la fonction Pare-feu de Norton (ce qui éviterait de reparamétrer un nouveau pare-feu, tâche ardue pour mon ami) ; - désactiver l'antivirus de Norton; - installer et utiliser Avast Home ? Merci d'avance pour vos lumières, Bibif
- le 30 décembre 2006
- 1 réponse
Rapport Hikack (ZKUJSTF.EXE)

Bibif a répondu à un(e) sujet de Bibif dans Analyses et éradication malwares

A ignorer...Sorry!
- le 18 décembre 2006
- 19 réponses
Rapport Hikack (ZKUJSTF.EXE)

Bibif a répondu à un(e) sujet de Bibif dans Analyses et éradication malwares

A ignorer Sorry!
- le 18 décembre 2006
- 19 réponses

Connexion

Bibif

Compteur de contenus

Inscription

Dernière visite

Type de contenu

Profils

Forums

Blogs

Tout ce qui a été posté par Bibif

Trojan.Vundo ?

Trojan.Vundo ?

Trojan.Vundo ?

Trojan.Vundo ?

Trojan.Vundo ?

Trojan.Vundo ?

Trojan.Vundo ?

Trojan.Vundo.ERH bloqué (?) par Bitdefender

Trojan.Vundo.ERH bloqué (?) par Bitdefender

Trojan.Vundo.ERH bloqué (?) par Bitdefender

Firefox ne lit plus les .jpg

WMP11 ne lit pas les .wmv

WMP11 ne lit pas les .wmv

WMP11 ne lit pas les .wmv

[Résolu] Analyse HijackThis

[Résolu] Analyse HijackThis

[Résolu] Analyse HijackThis

[Résolu] Analyse HijackThis

[Résolu] Analyse HijackThis

[Résolu] Analyse HijackThis

[Résolu] Analyse HijackThis

Explorer XP: Afficher Dossiers tjrs AVANT fichiers?

Compatibilité Norton Int. Security et Avast Home?

Rapport Hikack (ZKUJSTF.EXE)

Rapport Hikack (ZKUJSTF.EXE)

Zebulon

Outils en ligne

Naviguer