morpheus613

  1. Hello everyone, I have a really big problem: my laptop keeps crashing because of this nasty virus that I can't get rid of. Please help me. I'm posting my HijackThis report. Thank you for your help.
  2. There you go Thanos, I've done it; however, I didn't have the file C:\WINDOWS\system32\apvmkfvc.ini. Here is my log.
  3. There, it didn't find anything anymore. Yesssss :P Thanks a lot, thanos, you're the best :P Here is the log.
  4. There you go Thanos, I have just posted my report: ComboFix 08-03-14.4 - benjamin 2008-03-15 21:26:29.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.145 [GMT 1:00] Endroit: C:\Documents and Settings\benjamin\Bureau\ComboFix.exe * Création d'un nouveau point de restauration . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\BM773fa2da.xml C:\WINDOWS\pskt.ini C:\WINDOWS\system32\ejxvmapr.dll C:\WINDOWS\system32\erevlxkj.dll C:\WINDOWS\system32\hiiii.ini C:\WINDOWS\system32\hiiii.ini2 C:\WINDOWS\system32\hqvcstuu.dll C:\WINDOWS\system32\iiiih.dll C:\WINDOWS\system32\opnljkl.dll C:\WINDOWS\system32\pbitpdou.dll C:\WINDOWS\system32\pftdrfur.ini C:\WINDOWS\system32\rufrdtfp.dll C:\WINDOWS\system32\tkjndivn.dll C:\WINDOWS\system32\uutscvqh.ini C:\WINDOWS\system32\vwaxyjtg.dll C:\WINDOWS\system32\wsdethwa.dll . ((((((((((((((((((((((((((((( Fichiers créés 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))))))) . 2008-03-13 20:54 . 2008-03-13 20:54 <REP> d-------- C:\VundoFix Backups 2008-03-13 20:15 . 2008-03-13 20:16 <REP> d-------- C:\WINDOWS\ERUNT 2008-03-12 23:55 . 2004-08-16 16:55 <REP> d--h----- C:\Documents and Settings\Administrateur.106050930134\Voisinage réseau 2008-03-12 23:55 . 2004-08-16 16:55 <REP> d--h----- C:\Documents and Settings\Administrateur.106050930134\Voisinage d'impression 2008-03-12 23:55 . 2004-08-16 16:55 <REP> d--h----- C:\Documents and Settings\Administrateur.106050930134\Modèles 2008-03-12 23:55 . 2006-07-10 11:07 <REP> dr------- C:\Documents and Settings\Administrateur.106050930134\Mes documents 2008-03-12 23:55 . 2004-08-16 16:55 <REP> dr------- C:\Documents and Settings\Administrateur.106050930134\Menu Démarrer 2008-03-12 23:55 . 2006-07-10 10:57 <REP> dr------- C:\Documents and Settings\Administrateur.106050930134\Favoris 2008-03-12 23:55 . 
2008-03-13 00:25 <REP> dr------- C:\Documents and Settings\Administrateur.106050930134\Bureau 2008-03-12 23:55 . 2006-07-10 10:57 <REP> d-------- C:\Documents and Settings\Administrateur.106050930134\Application Data\You've Got Pictures Screensaver 2008-03-12 23:55 . 2006-07-10 10:59 <REP> d-------- C:\Documents and Settings\Administrateur.106050930134\Application Data\Symantec 2008-03-12 23:04 . 2008-03-12 23:04 <REP> d-------- C:\Program Files\Trend Micro 2008-03-12 22:24 . 2008-03-12 22:25 408 --a------ C:\WINDOWS\wininit.ini 2008-03-12 16:15 . 2008-03-13 17:45 714 ---hs---- C:\WINDOWS\system32\apvmkfvc.ini 2008-03-11 22:10 . 2008-03-13 00:00 <REP> d-------- C:\WINDOWS\BDOSCAN8 2008-03-02 10:29 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-02-25 22:26 . 2008-03-10 18:37 56 --a------ C:\WINDOWS\Bbt97.INI 2008-02-25 22:21 . 2004-03-08 23:00 260,880 --a------ C:\WINDOWS\system32\MSFLXGRD.OCX 2008-02-25 22:21 . 2004-03-08 23:00 212,240 --a------ C:\WINDOWS\system32\RICHTX32.OCX 2008-02-25 22:21 . 1998-12-02 08:11 143,360 --a------ C:\WINDOWS\system32\fsuz.dll 2008-02-25 22:21 . 2003-09-25 09:00 107,560 --a------ C:\WINDOWS\system32\CSWSK32.OCX 2008-02-25 22:21 . 1996-08-05 11:00 92,160 -ra------ C:\WINDOWS\system32\grid32.ocx 2008-02-25 22:21 . 2006-10-22 14:25 81,920 --a------ C:\WINDOWS\system32\GkSui20.EXE 2008-02-25 22:21 . 2002-03-13 15:46 53,248 --a------ C:\WINDOWS\system32\zlib.dll 2008-02-25 22:09 . 2008-02-25 22:09 <REP> d-------- C:\Documents and Settings\benjamin\Application Data\AdobeUM 2008-02-24 21:24 . 2008-03-13 22:51 <REP> d-------- C:\Program Files\Mozilla Thunderbird 2008-02-24 01:22 . 2008-02-24 01:22 <REP> d-------- C:\WINDOWS\Downloaded Installations 2008-02-24 01:22 . 1998-06-16 23:00 516,173 --a------ C:\WINDOWS\system32\MSVCP60D.DLL 2008-02-24 01:22 . 1998-06-16 23:00 385,100 --a------ C:\WINDOWS\system32\MSVCRTD.DLL 2008-02-24 01:22 . 
1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX 2008-02-24 01:21 . 2004-03-08 23:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX 2008-02-24 01:21 . 2004-03-08 23:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.OCX 2008-02-24 01:21 . 2004-03-08 23:00 152,848 --a------ C:\WINDOWS\system32\COMDLG32.OCX 2008-02-24 01:21 . 1998-07-12 23:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL 2008-02-24 01:21 . 2000-10-01 19:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL 2008-02-24 01:21 . 1999-03-25 19:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL 2008-02-24 01:21 . 1998-07-12 23:00 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll 2008-02-24 01:21 . 1998-07-12 19:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL 2008-02-24 01:21 . 1998-07-12 23:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL 2008-02-24 01:21 . 1998-07-12 23:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL 2008-02-24 00:42 . 2008-02-24 00:42 <REP> d-------- C:\Program Files\Alwil Software 2008-02-24 00:42 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-02-24 00:42 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-02-24 00:42 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-02-24 00:42 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-02-24 00:42 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-02-24 00:42 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-02-24 00:42 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-02-24 00:42 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-02-23 23:11 . 2008-02-23 23:11 <REP> d-------- C:\Documents and Settings\benjamin\Application Data\Sonic 2008-02-23 23:09 . 2008-02-23 23:09 <REP> d-------- C:\Documents and Settings\benjamin\Application Data\Leadertech 2008-02-23 22:09 . 
2008-02-23 22:09 <REP> d-------- C:\Documents and Settings\benjamin\Application Data\vlc 2008-02-23 21:19 . 2008-02-23 22:05 <REP> d-------- C:\Program Files\Freeplayer 2008-02-22 05:04 . 2004-07-13 01:42 3,895 --a------ C:\WINDOWS\system32\REC.HTA 2008-02-22 05:04 . 1998-04-24 09:00 1,078 --a------ C:\WINDOWS\system32\REC.ICO 2008-02-22 05:04 . 2003-04-17 20:33 973 --a------ C:\WINDOWS\system32\REC.CSS 2008-02-22 05:04 . 2003-04-17 20:20 668 --a------ C:\WINDOWS\system32\REC_EXIT.GIF 2008-02-22 01:20 . 2008-02-22 01:20 2,323,968 --a------ C:\WINDOWS\system32\TUKernel.exe 2008-02-22 01:07 . 2008-02-23 20:06 <REP> d--h----- C:\WINDOWS\Icons 2008-02-22 00:52 . 2008-03-05 18:27 <REP> d-------- C:\Documents and Settings\benjamin\Contacts 2008-02-22 00:50 . 2008-02-22 00:50 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-02-22 00:38 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-02-22 00:38 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-02-22 00:25 . 2008-02-22 00:31 <REP> d-------- C:\WINDOWS\SHELLNEW 2008-02-22 00:23 . 2008-02-22 00:23 <REP> d-------- C:\Documents and Settings\benjamin\Application Data\Skype 2008-02-22 00:18 . 2008-02-22 00:18 <REP> d-------- C:\Documents and Settings\benjamin\Application Data\OD2 2008-02-22 00:17 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb 2008-02-22 00:17 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb 2008-02-22 00:17 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb 2008-02-22 00:14 . 2008-02-22 00:15 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF 2008-02-21 23:50 . 2008-02-21 23:50 <REP> d-------- C:\Documents and Settings\benjamin\Application Data\Lavasoft 2008-02-21 23:49 . 2008-02-21 23:49 <REP> d-------- C:\Program Files\Lavasoft 2008-02-21 23:41 . 2008-02-21 23:56 <REP> d-------- C:\Program Files\TuneUp Utilities 2007 2008-02-21 23:41 . 
2008-02-21 23:41 <REP> d-------- C:\Documents and Settings\benjamin\Application Data\TuneUp Software 2008-02-21 23:41 . 2007-01-17 14:47 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll 2008-02-21 23:18 . 2008-02-22 00:14 <REP> d-------- C:\WINDOWS\system32\LogFiles 2008-02-21 22:51 . 2007-12-07 02:42 6,067,200 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-02-21 22:51 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-02-21 22:51 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-02-21 22:51 . 2007-12-07 02:42 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-02-21 22:51 . 2007-12-07 02:42 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-02-21 22:51 . 2007-12-07 02:42 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-02-21 22:51 . 2007-12-07 02:42 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll 2008-02-21 22:51 . 2007-12-07 02:42 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-02-21 22:51 . 2007-12-06 09:34 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-02-21 22:50 . 2008-02-21 22:52 <REP> d-------- C:\WINDOWS\system32\fr-fr 2008-02-21 22:36 . 2008-02-21 22:36 1,158 --a------ C:\WINDOWS\mozver.dat 2008-02-21 22:31 . 2008-02-21 22:31 <REP> d-------- C:\Documents and Settings\benjamin\Application Data\Talkback 2008-02-21 22:30 . 2008-02-21 22:30 <REP> d-------- C:\Documents and Settings\benjamin\Application Data\Thunderbird 2008-02-21 22:25 . 2008-02-21 22:25 <REP> d-------- C:\Documents and Settings\benjamin\Application Data\MSNInstaller 2008-02-21 22:23 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2008-02-21 22:23 . 2008-02-21 22:23 244 --ah----- C:\sqmnoopt10.sqm 2008-02-21 22:23 . 2008-02-21 22:23 232 --ah----- C:\sqmdata10.sqm 2008-02-21 22:19 . 2008-02-21 22:19 <REP> d-------- C:\Documents and Settings\benjamin\Application Data\Corel 2008-02-21 21:56 . 
2008-02-21 21:56 <REP> d--hs---- C:\Documents and Settings\benjamin\UserData 2008-02-21 20:41 . 2008-02-21 20:41 <REP> d-------- C:\Documents and Settings\benjamin\Application Data\Symantec 2008-02-21 20:32 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys 2008-02-21 20:18 . 2008-02-22 04:53 <REP> d--h----- C:\Documents and Settings\benjamin\Voisinage réseau 2008-02-21 20:18 . 2008-02-22 04:53 <REP> d--h----- C:\Documents and Settings\benjamin\Voisinage d'impression 2008-02-21 20:18 . 2008-02-22 04:57 <REP> d--h----- C:\Documents and Settings\benjamin\Modèles . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-12 16:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-03-02 09:29 --------- d-----w C:\Program Files\Java 2008-02-26 00:08 --------- d-----w C:\Program Files\FlashFXP 2008-02-25 23:10 --------- d-----w C:\Program Files\Free Audio Pack 2008-02-25 21:21 --------- d-----w C:\Program Files\Ludiclub 2008-02-23 22:02 --------- d-----w C:\Program Files\SLD Codec Pack 2008-02-22 04:01 --------- d-----w C:\Program Files\Services en ligne 2008-02-22 03:58 --------- d-----w C:\Program Files\QuickTime 2008-02-22 03:56 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared 2008-02-22 03:56 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared 2008-02-22 03:56 --------- d-----w C:\Program Files\Fichiers communs\aolshare 2008-02-22 03:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime 2008-02-22 03:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\OD2 2008-02-22 03:53 --------- d-----w C:\Program Files\Real 2008-02-21 23:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-02-21 23:27 --------- d-----w C:\Program Files\Microsoft Visual Studio 8 2008-02-21 23:26 --------- d-----w C:\Documents and Settings\All 
Users\Application Data\Skype 2008-02-21 22:39 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-02-21 21:50 --------- d-----w C:\Program Files\MSN Messenger 2008-02-21 21:25 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-02-21 21:21 --------- d-----w C:\Program Files\Fichiers communs\AOL 2008-02-09 18:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-09 18:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2006-05-29 14:40 7,296,000 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360] "Pando"="C:\Program Files\Pando Networks\Pando\pando.exe" [2008-02-09 14:02 6051144] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00 208952] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-03 14:25 98304] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-03 14:22 77824] "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 16:07 61952 C:\WINDOWS\system32\HdAShCut.exe] "RTHDCPL"="RTHDCPL.EXE" [2005-05-25 14:37 14477312 C:\WINDOWS\RTHDCPL.EXE] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 10:50 729178] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "AGRSMMSG"="AGRSMMSG.exe" [2005-05-11 12:12 88204 C:\WINDOWS\AGRSMMSG.exe] 
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 12:48 127118] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnljkl] opnljkl.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurrop] wvurrop.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "AOL ACS"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\APPS\\Inventime\\my.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\APPS\\skype\\phone\\Skype.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Pando Networks\\Pando\\pando.exe"= "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-05 13:00] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-03-11 12:24:38 C:\WINDOWS\Tasks\HDReg.job" - c:\Apps\HDReg\HDRegRem.exe "2008-02-29 16:45:33 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe . 
************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-15 21:32:03 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySqlInventime] "ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime" . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe . ************************************************************************** . Temps d'accomplissement: 2008-03-15 21:33:46 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-15 20:33:42 . 2008-03-12 16:36:25 --- E O F ---
  5. :P I am still infected, sniffffffffffff
  6. There, I did everything you told me; I am posting the three logs for you. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:16:37, on 13/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20733) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\APP S\system32\hqvcstuu.dll",b O4 - HKLM\..\Run: [bM773fa2da] Rundll32.exe "C:\WINDOWS\system32\pbitpdou.dll",s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: 
Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203627710777 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe -- End of file - 6702 bytes ------------------------------------------------------------------------------------------------------------------------------------------------------- LOG SDFix SDFix: Version 1.156 Run by benjamin on 13/03/2008 at 20:20 Microsoft Windows XP [version 5.1.2600] Running From: C:\DOCUME~1\benjamin\Bureau\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\system32\mstasker.exe - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-13 20:45:40 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... 
scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime\\my.exe:*:Enabled:INVENTIME" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\APPS\\skype\\phone\\Skype.exe"="C:\\APPS\\skype\\phone\\Skype.exe:*:Enabled:Skype" "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:pando" "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows 
Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : File Backups: - C:\DOCUME~1\benjamin\Bureau\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" Wed 8 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Tue 31 May 2005 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll" Finished! ----------------------------------------------------------------------------------------------------------------------------------------------------------------- Log Vundofix VundoFix V7.0.3 Scan started at 20:54:53 13/03/2008 Listing files found while scanning.... No infected files were found. Beginning removal... VundoFix V7.0.3 Scan started at 21:04:08 13/03/2008 Listing files found while scanning.... No infected files were found. Beginning removal...
  7. Hello everyone, here is my problem: I caught a virus on MSN and it is wrecking my laptop. I think it is the win32small.jmh virus. I need help, thanks in advance :P Here is my HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:34:39, on 12/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20733) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\AGRSMMSG.exe C:\Apps\Powercinema\PCMService.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\mstasker.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\benjamin\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Windows Task Mgr!] 
mstasker.exe
O4 - HKLM\..\Run: [740c9146] rundll32.exe "C:\WINDOWS\system32\cvfkmvpa.dll",b
O4 - HKLM\..\Run: [bM773fa2da] Rundll32.exe "C:\WINDOWS\system32\wsdethwa.dll",s
O4 - HKLM\..\RunOnce: [spybotDeletingA2224] command /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKLM\..\RunOnce: [spybotDeletingC6325] cmd /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKLM\..\RunOnce: [spybotDeletingA1676] command /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKLM\..\RunOnce: [spybotDeletingC9405] cmd /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKLM\..\RunOnce: [spybotDeletingA9172] command /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKLM\..\RunOnce: [spybotDeletingC2017] cmd /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKLM\..\RunOnce: [spybotDeletingA4057] command /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKLM\..\RunOnce: [spybotDeletingC513] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKLM\..\RunOnce: [spybotDeletingA7058] command /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKLM\..\RunOnce: [spybotDeletingC8157] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
O4 - HKCU\..\RunOnce: [spybotDeletingB1586] command /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [spybotDeletingD2901] cmd /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [spybotDeletingB3774] command /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKCU\..\RunOnce: [spybotDeletingD8903] cmd /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKCU\..\RunOnce: [spybotDeletingB9840] command /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKCU\..\RunOnce: [spybotDeletingD2667] cmd /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKCU\..\RunOnce: [spybotDeletingB2148] command /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKCU\..\RunOnce: [spybotDeletingD7682] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKCU\..\RunOnce: [spybotDeletingB2678] command /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKCU\..\RunOnce: [spybotDeletingD2654] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203627710777
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
-- End of file - 9100 bytes
  8. I have a doubt about my report and would like an opinion on whether I have any problems. Thank you very much for helping me. I am sending you my report:

     Logfile of HijackThis v1.99.1
     Scan saved at 16:13:06, on 03/08/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16473)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\Alwil Software\Avast4\ashServ.exe
     C:\WINDOWS\system32\igfxtray.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
     C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
     c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
     C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
     C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
     c:\APPS\HIDSERVICE\HIDSERVICE.exe
     c:\APPS\Powercinema\Kernel\TV\CLSched.exe
     C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     C:\Program Files\MSN Messenger\usnsvc.exe
     C:\Program Files\Pando Networks\Pando\pando.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\system32\msiexec.exe
     C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redi...&key=SEARCH
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
     O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
     O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
     O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
     O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
     O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
     O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O11 - Options group: [iNTERNATIONAL] International*
     O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
     O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
     O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
     O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
     O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
     O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
     O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
     O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com/playerBase/kSoloIEHDSD.cab
     O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
     O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
     O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
     O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
     O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
     O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
     O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
     O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
     O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
     O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
     O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
     O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
     O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
     O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)